On Wed, May 1, 2019 at 6:11 AM Peter Zijlstra peterz@infradead.org wrote:
Here goes, compile tested only...
Ugh, two different threads. This has the same bug (same source) as the one Steven posted:
--- a/arch/x86/entry/entry_32.S +++ b/arch/x86/entry/entry_32.S @@ -1479,6 +1479,13 @@ ENTRY(int3) ASM_CLAC pushl $-1 # mark this as an int
testl $SEGMENT_RPL_MASK, PT_CS(%esp)
jnz .Lfrom_usermode_no_gap
.rept 6
pushl 5*4(%esp)
.endr
+.Lfrom_usermode_no_gap:
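Review bot: the user-mode test at "testl $SEGMENT_RPL_MASK, PT_CS(%esp)" / "jnz .Lfrom_usermode_no_gap" decides from the CS RPL alone whether to skip the gap, and that is wrong for a vm86 task: the saved CS there is a real-mode segment value whose low two bits are not a privilege level, so a vm86 entry can fall through to the kernel-mode path and have the ".rept 6 / pushl 5*4(%esp)" copy pushed over a frame that expects no gap, which is the corruption the reply describes. Suggest also checking the VM bit of the saved flags before the RPL test, e.g. "testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)" and jumping to .Lfrom_usermode_no_gap when it is set, the way the 32-bit user_mode() helper treats vm86.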
This will corrupt things horribly if you still use vm86 mode. Checking CS RPL is simply not correct.
Linus