From b8e50f787d077860b69acef4a6a3318b13bc1072 Mon Sep 17 00:00:00 2001
From: Timo Kreuzer
Date: Wed, 24 Apr 2024 19:46:23 +0300
Subject: [PATCH] [NTOS:KE/x64] On syscalls clear nested task flag

When this flag is not cleared and the system returns with an IRET, this causes a #GP.
Randomly hit by the umkm:SystemCall test.
---
 ntoskrnl/ke/amd64/kiinit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ntoskrnl/ke/amd64/kiinit.c b/ntoskrnl/ke/amd64/kiinit.c
index 54d4d13815a..09a33226288 100644
--- a/ntoskrnl/ke/amd64/kiinit.c
+++ b/ntoskrnl/ke/amd64/kiinit.c
@@ -218,7 +218,7 @@ KiInitializeCpu(PKIPCR Pcr)
         ((ULONG64)(KGDT64_R3_CMCODE|RPL_MASK) << 48));
 
     /* Set the flags to be cleared when doing a syscall */
-    __writemsr(MSR_SYSCALL_MASK, EFLAGS_IF_MASK | EFLAGS_TF | EFLAGS_DF);
+    __writemsr(MSR_SYSCALL_MASK, EFLAGS_IF_MASK | EFLAGS_TF | EFLAGS_DF | EFLAGS_NESTED_TASK);
 
     /* Enable syscall instruction and no-execute support */
     __writemsr(MSR_EFER, __readmsr(MSR_EFER) | MSR_SCE | MSR_NXE);
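Review bot: The new SYSCALL_MASK value still leaves RFLAGS.AC (bit 18) under user control on syscall entry, which becomes a security problem if CR4.SMAP is, or later is, enabled: a user thread executing SYSCALL with AC=1 would have supervisor-mode access protection suspended for the entire kernel path until the flags are restored, so masking AC alongside `EFLAGS_NESTED_TASK` on the `+` line is the usual defensive choice — I cannot tell from this hunk whether ReactOS enables SMAP at all, so confirm before adding it. The reason NT must be masked lives only in the commit message; I would record it next to the write, e.g. `/* NT must be cleared: in 64-bit mode IRET raises #GP when RFLAGS.NT is set */`, since the existing comment only says which flags are cleared, not why. KiInitializeCpu's body starts and ends outside the hunk.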