x86_64: Add a comment explaining the TASK_SIZE_MAX guard page

author Andy Lutomirski <luto@amacapital.net>

Tue, 4 Nov 2014 23:46:21 +0000 (15:46 -0800)

committer Ingo Molnar <mingo@kernel.org>

Mon, 10 Nov 2014 09:43:13 +0000 (10:43 +0100)
author Andy Lutomirski <luto@amacapital.net>
Tue, 4 Nov 2014 23:46:21 +0000 (15:46 -0800)
committer Ingo Molnar <mingo@kernel.org>
Mon, 10 Nov 2014 09:43:13 +0000 (10:43 +0100)
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h

index eb71ec794732b98f09531054c37ecc19c5d94f52..82d93ea13c0c0a44164ed6923442f9ec8d86cdf7 100644 (file)
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -893,7 +893,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
  
  #else
  /*
- * User space process size. 47bits minus one guard page.
+ * User space process size. 47bits minus one guard page.  The guard
+ * page is necessary on Intel CPUs: if a SYSCALL instruction is at
+ * the highest possible canonical userspace address, then that
+ * syscall will enter the kernel with a non-canonical return
+ * address, and SYSRET will explode dangerously.  We avoid this
+ * particular problem by preventing anything from being mapped
+ * at the maximum canonical address.
   */
  #define TASK_SIZE_MAX  ((1UL << 47) - PAGE_SIZE)
author	Andy Lutomirski <luto@amacapital.net>
	Tue, 4 Nov 2014 23:46:21 +0000 (15:46 -0800)
committer	Ingo Molnar <mingo@kernel.org>
	Mon, 10 Nov 2014 09:43:13 +0000 (10:43 +0100)