On Wed, May 11, 2022 at 05:27:50AM +0300, Kirill A. Shutemov wrote:
> @@ -1013,8 +1017,23 @@ static long thread_feature_prctl(struct task_struct *task, int option,
>
> /* Handle ARCH_THREAD_FEATURE_ENABLE */
>
> + if (features & (X86_THREAD_LAM_U48 | X86_THREAD_LAM_U57)) {
> + long ret;
> +
> + /* LAM is only available in long mode */
> + if (in_32bit_syscall())
> + return -EINVAL;
So what happens if userspace sets up a 32bit code entry in the LDT and
does the LAM thing as a 64bit syscamm but then goes run 32bit code?
> +
> + ret = enable_lam(task, features);
> + if (ret)
> + return ret;
> + }
> +
> task->thread.features |= features;
> out:
> + /* Update CR3 to get LAM active */
> + switch_mm(task->mm, task->mm, task);
> +
> return task->thread.features;
> }
>
