diff options
| -rw-r--r-- | arch/x86/kernel/entry_64.S | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S index 2babb393915e..f0095a76c182 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S | |||
| @@ -799,7 +799,21 @@ retint_swapgs: /* return to user-space */ | |||
| 799 | cmpq %r11,(EFLAGS-ARGOFFSET)(%rsp) /* R11 == RFLAGS */ | 799 | cmpq %r11,(EFLAGS-ARGOFFSET)(%rsp) /* R11 == RFLAGS */ |
| 800 | jne opportunistic_sysret_failed | 800 | jne opportunistic_sysret_failed |
| 801 | 801 | ||
| 802 | testq $X86_EFLAGS_RF,%r11 /* sysret can't restore RF */ | 802 | /* |
| 803 | * SYSRET can't restore RF. SYSRET can restore TF, but unlike IRET, | ||
| 804 | * restoring TF results in a trap from userspace immediately after | ||
| 805 | * SYSRET. This would cause an infinite loop whenever #DB happens | ||
| 806 | * with register state that satisfies the opportunistic SYSRET | ||
| 807 | * conditions. For example, single-stepping this user code: | ||
| 808 | * | ||
| 809 | * movq $stuck_here,%rcx | ||
| 810 | * pushfq | ||
| 811 | * popq %r11 | ||
| 812 | * stuck_here: | ||
| 813 | * | ||
| 814 | * would never get past 'stuck_here'. | ||
| 815 | */ | ||
| 816 | testq $(X86_EFLAGS_RF|X86_EFLAGS_TF), %r11 | ||
| 803 | jnz opportunistic_sysret_failed | 817 | jnz opportunistic_sysret_failed |
| 804 | 818 | ||
| 805 | /* nothing to check for RSP */ | 819 | /* nothing to check for RSP */ |