https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98219
            Bug ID: 98219
           Summary: User-interrupt return pop corrupt RIP
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: crazylht at gmail dot com
                CC: hjl.tools at gmail dot com
  Target Milestone: ---
            Target: x86_64-*-* i?86-*-*

According to SDM, for user-interrupt delivery, it pushes 4 64-bit values:

    Push tempRSP;
    Push RFLAGS;
    Push RIP;
    Push UIRRV; // 64-bit push; upper 58 bits pushed as 0

But uiret only pops 3 64-bit values:

    Pop tempRIP;
    Pop tempRFLAGS; // see below for how this is used to load RFLAGS
    Pop tempRSP;

Looks like the interrupt handler has to POP the vector before it calls UIRET. I think the current compiler might not be handling that.
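
A small C model of the push and pop sequences quoted in the report, added here as an illustration and not taken from GCC or the SDM. It models only the four pushes and three pops listed above; the register values, vector number, handler address and function names are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model: the stack is an array of 64-bit slots and rsp is a slot index. */
struct cpu { uint64_t rip, rflags, rsp, stack[16]; };

static void push(struct cpu *c, uint64_t v) { c->stack[--c->rsp] = v; }
static uint64_t pop(struct cpu *c) { return c->stack[c->rsp++]; }

/* Delivery as quoted in the report: four 64-bit pushes. */
static void deliver(struct cpu *c, uint64_t vector, uint64_t handler) {
    uint64_t temp_rsp = c->rsp;
    push(c, temp_rsp);
    push(c, c->rflags);
    push(c, c->rip);
    push(c, vector & 0x3f);   /* UIRRV: upper 58 bits pushed as 0 */
    c->rip = handler;
}

/* UIRET as quoted in the report: three 64-bit pops. */
static void uiret(struct cpu *c) {
    uint64_t temp_rip = pop(c);
    uint64_t temp_rflags = pop(c);
    uint64_t temp_rsp = pop(c);
    c->rip = temp_rip;
    c->rflags = temp_rflags;
    c->rsp = temp_rsp;
}

/* Run one delivery/return cycle; all values below are constructed. */
struct cpu run(int handler_pops_vector) {
    struct cpu c = { .rip = 0x401000, .rflags = 0x202, .rsp = 16 };
    deliver(&c, 5, 0x402000);
    if (handler_pops_vector)
        (void)pop(&c);        /* discard the vector before UIRET */
    uiret(&c);
    return c;
}

int main(void) {
    struct cpu bad = run(0), good = run(1);
    printf("no pop:   rip=%#llx rflags=%#llx rsp=%#llx\n",
           (unsigned long long)bad.rip, (unsigned long long)bad.rflags,
           (unsigned long long)bad.rsp);
    printf("with pop: rip=%#llx rflags=%#llx rsp=%#llx\n",
           (unsigned long long)good.rip, (unsigned long long)good.rflags,
           (unsigned long long)good.rsp);
    return 0;
}
```

Without the extra pop every restored register is shifted by one slot: RIP receives the vector, RFLAGS receives the saved RIP, and RSP receives the saved RFLAGS.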