On Mon, 20 Nov 2017, Andy Lutomirski wrote:

> struct tss_struct {
> 	/*
> -	 * The hardware state:
> +	 * Space for the temporary SYSENTER stack. Used for the entry
> +	 * trampoline as well. Size it such that tss_struct ends up
> +	 * as a multiple of PAGE_SIZE. This calculation assumes that
> +	 * io_bitmap is a multiple of PAGE_SIZE (8192 bytes) plus one
> +	 * long.

I don't see how sizeof(tss_struct) is a multiple of PAGE_SIZE

canary    =    8
stack     =  512
hw_tss    =  104
io bitmap = 8200
-------------------------
             8824

The alignment is what blows it up to 3 * PAGE_SIZE

> +	 */
> +	unsigned long SYSENTER_stack_canary;
> +	unsigned long SYSENTER_stack[64];
> +
> +	/*
> +	 * The fixed hardware portion. This must not cross a page boundary
> +	 * at risk of violating the SDM's advice and potentially triggering
> +	 * errata.
> 	 */
> 	struct x86_hw_tss x86_tss;
> 
> @@ -338,15 +350,9 @@ struct tss_struct {
> 	 * be within the limit.
> 	 */
> 	unsigned long io_bitmap[IO_BITMAP_LONGS + 1];
> +} __attribute__((__aligned__(PAGE_SIZE)));
> 

Thanks,

	tglx
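Review bot: the new comment in the first hunk claims the SYSENTER stack is sized "such that tss_struct ends up as a multiple of PAGE_SIZE", but the member sizes tallied in this reply (8 canary + 512 stack + 104 hw_tss + 8200 io_bitmap = 8824) are not a page multiple, so the wording should say the struct is padded out to PAGE_SIZE by its alignment rather than by the stack size. The property the following comment block actually depends on, that x86_hw_tss must not cross a page boundary, does hold with this layout (x86_tss begins at offset 520 and ends at 624, inside the first page once the struct is page aligned), and it is worth pinning with a BUILD_BUG_ON over offsetof(struct tss_struct, x86_tss) and sizeof(struct x86_hw_tss) so a later field reordering cannot silently violate the SDM advice the comment cites.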
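Review bot: in the second hunk, the added `__attribute__((__aligned__(PAGE_SIZE)))` is what makes sizeof(struct tss_struct) a page multiple (8824 bytes of members rounded up to 3 * PAGE_SIZE, as noted above), so the first hunk's sizing rationale should be rewritten to reference this attribute; consider adding `BUILD_BUG_ON(sizeof(struct tss_struct) % PAGE_SIZE)` beside the struct so the invariant the comment relies on is checked at compile time instead of being implied. The hunk header shows 15 lines replaced by 9 but only the added closing line is quoted here, so the removed lines in this region cannot be reviewed from this excerpt.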