pc64: ensure user pc is never set to a non-canonical address through setregisters

on intel processors, a general protection exception is fired if a non-canonical address is loaded into PC during SYSRET. this will cause the kernel to panic.

see http://www.kb.cert.org/vuls/id/649219 and the intel software developer manual for more information.

diff --git a/sys/src/9/pc64/mem.h b/sys/src/9/pc64/mem.h
index 73fbcfc93894b0bce4b5749c46d2b771a8f9390e..9003863cafd42290eb3c63045397ff260b8822b8 100644 (file)
--- a/sys/src/9/pc64/mem.h
+++ b/sys/src/9/pc64/mem.h
@@ -44,9 +44,10 @@
  *  Address spaces. User:
  */
 #define UTZERO         (0x0000000000200000ull)         /* first address in user text */
+#define UADDRMASK      (0x00007fffffffffffull)         /* canonical address mask */
 #define TSTKTOP                (0x00007ffffffff000ull)
-#define USTKSIZE       (16*MiB)                /* size of user stack */
-#define USTKTOP                (TSTKTOP-USTKSIZE)      /* end of new stack in sysexec */
+#define USTKSIZE       (16*MiB)                        /* size of user stack */
+#define USTKTOP                (TSTKTOP-USTKSIZE)              /* end of new stack in sysexec */
 
 /*
  *  Address spaces. Kernel, sorted by address.

diff --git a/sys/src/9/pc64/trap.c b/sys/src/9/pc64/trap.c
index 41a8c4978595f33c5d1444caa5ac34af8992d1e9..6b2154c3f38fc89230013026a5526bfbfa8694e8 100644 (file)
--- a/sys/src/9/pc64/trap.c
+++ b/sys/src/9/pc64/trap.c
@@ -992,6 +992,7 @@ setregisters(Ureg* ureg, char* pureg, char* uva, int n)
        if(ureg->gs != UDSEL)
                ureg->gs = 0;
        ureg->flags = (ureg->flags & 0x00ff) | (flags & 0xff00);
+       ureg->pc &= UADDRMASK;
 }
 
 static void