On Wed, May 01, 2019 at 12:03:52PM -0700, Linus Torvalds wrote:
> On Wed, May 1, 2019 at 6:11 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> >
> > Here goes, compile tested only...
>
> Ugh, two different threads. This has the same bug (same source) as the
> one Steven posted:

This is what Steve started from; let's continue in the other thread.

> > --- a/arch/x86/entry/entry_32.S
> > +++ b/arch/x86/entry/entry_32.S
> > @@ -1479,6 +1479,13 @@ ENTRY(int3)
> > ASM_CLAC
> > pushl $-1 # mark this as an int
> >
> > + testl $SEGMENT_RPL_MASK, PT_CS(%esp)
> > + jnz .Lfrom_usermode_no_gap
> > + .rept 6
> > + pushl 5*4(%esp)
> > + .endr
> > +.Lfrom_usermode_no_gap:
>
> This will corrupt things horribly if you still use vm86 mode. Checking
> CS RPL is simply not correct.

I'll go fix; I never really understood that vm86 crud and I cobbled this
32bit thing together based on the 64bit version (that Josh did a while ago).
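Review bot: the `testl $SEGMENT_RPL_MASK, PT_CS(%esp)` / `jnz .Lfrom_usermode_no_gap` pair at the top of the hunk decides user vs. kernel from the saved CS RPL alone, which is wrong for a vm86 entry: with EFLAGS.VM set the saved CS is a real-mode segment value whose low two bits are not a privilege level, so a vm86 frame with those bits clear is treated as a kernel entry and the six-word copy is performed on it. Test the VM flag first, e.g. `testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)` / `jnz .Lfrom_usermode_no_gap`, ahead of the RPL test, mirroring what the 32-bit user_mode() helper does. The `.rept 6` / `pushl 5*4(%esp)` / `.endr` loop also deserves a comment saying why six words are copied and what the space left beneath the copied frame is for, since nothing in the hunk explains it.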
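An added example, not code from the patch or from anyone in this thread: a userspace C model of the two ways of classifying the saved frame, the RPL-only test the hunk uses and the VM-flag-aware test that 32-bit user_mode() performs, run over three constructed frames (kernel, user, vm86), plus a mechanical model of what `.rept 6` / `pushl 5*4(%esp)` does to a word array. The constants are the x86 values (RPL mask 0x3, USER_RPL 3, EFLAGS.VM is bit 17); the selector values 0x60 and 0x73 are the usual 32-bit kernel and user code selectors and the vm86 CS value 0x1000 is a made-up real-mode segment. The stack contents are constructed, not captured from a kernel.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural constants (same values the kernel headers use). */
#define SEGMENT_RPL_MASK 0x3u
#define USER_RPL         0x3u
#define X86_EFLAGS_VM    (1u << 17)

/* The two saved registers the classification looks at (constructed model). */
struct frame {
    uint32_t cs;
    uint32_t eflags;
};

/* What the hunk's `testl $SEGMENT_RPL_MASK, PT_CS(%esp)` decides. */
static int rpl_only_says_user(const struct frame *f)
{
    return (f->cs & SEGMENT_RPL_MASK) != 0;
}

/* What 32-bit user_mode() decides: RPL or'd with EFLAGS.VM, then compared
 * with USER_RPL, so a vm86 frame counts as user whatever its CS looks like. */
static int vm_aware_says_user(const struct frame *f)
{
    return ((f->cs & SEGMENT_RPL_MASK) | (f->eflags & X86_EFLAGS_VM)) >= USER_RPL;
}

/* Returns 1 when a vm86 frame whose CS has RPL bits clear is misclassified
 * as a kernel entry by the RPL-only test but not by the VM-aware test. */
static int vm86_frame_misclassified(void)
{
    struct frame vm86 = { 0x1000u, 0x246u | X86_EFLAGS_VM }; /* constructed */
    return rpl_only_says_user(&vm86) == 0 && vm_aware_says_user(&vm86) == 1;
}

/* Mechanical model of `.rept 6 / pushl 5*4(%esp) / .endr`.  `s` is a word
 * array with lower indices at lower addresses; `sp` is the index of the top of
 * stack.  Each iteration reads the word five slots above the current top and
 * pushes it, so after six iterations the six words that were on top are
 * duplicated at the new top and the original copies sit beneath them. */
#define GAP_WORDS 6
static int emulate_gap_pushes(uint32_t *s, int sp)
{
    for (int i = 0; i < GAP_WORDS; i++) {
        uint32_t v = s[sp + 5];
        s[--sp] = v;
    }
    return sp;
}

int main(void)
{
    struct frame frames[] = {
        { 0x60u,   0x246u },                 /* kernel: __KERNEL_CS, RPL 0 */
        { 0x73u,   0x246u },                 /* user:   __USER_CS,   RPL 3 */
        { 0x1000u, 0x246u | X86_EFLAGS_VM }, /* vm86:   real-mode CS, VM set */
    };
    const char *names[] = { "kernel", "user", "vm86" };

    for (int i = 0; i < 3; i++)
        printf("%-6s cs=%#06x  rpl_only=%d  vm_aware=%d\n", names[i],
               frames[i].cs, rpl_only_says_user(&frames[i]),
               vm_aware_says_user(&frames[i]));

    /* Kernel-entry stack after `pushl $-1`: -1, eip, cs, eflags, then two
     * words of whatever was already on the stack (constructed values). */
    uint32_t s[16] = { 0 };
    int sp = 6;
    s[6] = 0xffffffffu; s[7] = 0xc1000000u; s[8] = 0x60u;
    s[9] = 0x246u;      s[10] = 0xaaaaaaaau; s[11] = 0xbbbbbbbbu;
    sp = emulate_gap_pushes(s, sp);
    for (int i = sp; i < 12; i++)
        printf("[%2d] %#010x%s\n", i, s[i], i == sp + GAP_WORDS ? "  <- original frame" : "");
    return 0;
}
```

The vm86 row is the failure Linus describes: its CS has RPL bits of zero, so the RPL-only test calls it a kernel entry and the push loop would run on a user frame, while the VM-aware test classifies it correctly.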