@@ -852,13 +852,22 @@ static inline void spin_lock_prefetch(const void *x)

#else

/*

- * User space process size. 47bits minus one guard page. The guard

- * page is necessary on Intel CPUs: if a SYSCALL instruction is at

- * the highest possible canonical userspace address, then that

- * syscall will enter the kernel with a non-canonical return

- * address, and SYSRET will explode dangerously. We avoid this

- * particular problem by preventing anything from being mapped

- * at the maximum canonical address.

+ * User space process size. This is the first address outside the user range.

+ * There are a few constraints that determine this:

+ *

+ * On Intel CPUs, if a SYSCALL instruction is at the highest canonical

+ * address, then that syscall will enter the kernel with a

+ * non-canonical return address, and SYSRET will explode dangerously.

+ * We avoid this particular problem by preventing anything executable

+ * from being mapped at the maximum canonical address.

+ *

+ * On AMD CPUs in the Ryzen family, there's a nasty bug in which the

+ * CPUs malfunction if they execute code from the highest canonical page.

+ * They'll speculate right off the end of the canonical space, and

+ * bad things happen. This is worked around in the same way as the

+ * Intel problem.

+ *

+ * With page table isolation enabled, we map the LDT in ... [stay tuned]

*/

#define TASK_SIZE_MAX ((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE)
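Review bot: The new comment block ends with an unfinished sentence, "With page table isolation enabled, we map the LDT in ... [stay tuned]", which reads as a draft placeholder; either state the PTI/LDT constraint that actually bounds TASK_SIZE_MAX or drop that line before this is merged, since a comment that trails off tells the next reader nothing about why the guard page is still required under PTI. Separately, the wording was changed from "preventing anything from being mapped" to "preventing anything executable from being mapped", but the definition `#define TASK_SIZE_MAX ((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE)` still excludes the whole top page from the user range for every mapping type, not only executable ones, so the comment now describes a weaker restriction than the code enforces; keep the original "anything" unless the restriction is really meant to be narrowed.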