On Tue, Mar 22, 2022 at 02:31:36PM +0900, Masami Hiramatsu wrote:

> > Also, I think both should fix regs->ss.
>
> I'm not sure about this part. Since the return trampoline should run in the same
> context as the called function, isn't ss the same there too?

It creates pt_regs on the stack, so the trampolines do:

	push $arch_rethook_trampoline
	push %rsp
	pushf
	sub $24, %rsp	/* cs, ip, orig_ax */
	push %rdi
	...
	push %r15

That means that if anybody looks at regs->ss, it'll find
$arch_rethook_trampoline, which isn't a valid segment descriptor, or am I
just really bad at counting today?

I'm thinking you want a copy of __KERNEL_DS in that stack slot, not a
function pointer.
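The counting in the mail can be checked by replaying the push sequence against the x86-64 pt_regs layout. The following is an added example, not code from the thread or from the kernel: it models the stack as an array, performs the pushes in the order quoted above, and reinterprets the final stack pointer as a struct pt_regs. The field order is the x86-64 one from arch/x86/include/asm/ptrace.h; the trampoline address, flags value and register contents are constructed placeholders, and KERNEL_DS is the x86-64 __KERNEL_DS selector value, used only to show what the slot looks like with the suggested fix.

```c
/* Added example (not kernel code): replay the rethook trampoline's push
 * sequence into a fake stack and see which pt_regs slot each value lands in. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 struct pt_regs field order (arch/x86/include/asm/ptrace.h). */
struct pt_regs {
	uint64_t r15, r14, r13, r12, bp, bx;
	uint64_t r11, r10, r9, r8, ax, cx, dx, si, di;
	uint64_t orig_ax;
	uint64_t ip, cs, flags, sp, ss;
};

/* Constructed placeholder values so we can recognise what ended up where. */
#define TRAMPOLINE_ADDR 0xffffffff81000000ull /* stands in for $arch_rethook_trampoline */
#define FAKE_FLAGS      0x246ull              /* stands in for what pushf saves */
#define UNINIT          0xdeadbeefdeadbeefull /* marks slots nothing wrote */
#define KERNEL_DS       0x18ull               /* __KERNEL_DS selector on x86-64 */
#define REG_BASE        0x1000ull             /* rdi gets REG_BASE+0 ... r15 gets REG_BASE+14 */

#define STACK_WORDS 64
static uint64_t fake_stack[STACK_WORDS];

struct sim { uint64_t *sp; };

/* 'push v': decrement rsp by 8, then store. */
static void push(struct sim *s, uint64_t v)
{
	*--s->sp = v;
}

/* Replay the sequence quoted in the mail.  first_push is the value the very
 * first 'push' stores, so the same replay covers both the current code
 * ($arch_rethook_trampoline) and the suggested replacement (__KERNEL_DS). */
static struct pt_regs *build_frame(uint64_t first_push)
{
	struct sim s;
	int i;

	for (i = 0; i < STACK_WORDS; i++)
		fake_stack[i] = UNINIT;
	s.sp = fake_stack + STACK_WORDS;

	push(&s, first_push);                    /* push $arch_rethook_trampoline */
	push(&s, (uint64_t)(uintptr_t)s.sp);     /* push %rsp (value before the push) */
	push(&s, FAKE_FLAGS);                    /* pushf */
	s.sp -= 3;                               /* sub $24, %rsp: cs, ip, orig_ax */
	for (i = 0; i < 15; i++)                 /* push %rdi ... push %r15 */
		push(&s, REG_BASE + i);

	return (struct pt_regs *)s.sp;           /* regs as the C handler sees them */
}

/* Number of 8-byte slots pt_regs occupies: 15 GPRs + orig_ax + ip/cs/flags/sp/ss. */
size_t pt_regs_words(void)
{
	return sizeof(struct pt_regs) / sizeof(uint64_t);
}

/* The point of the mail: with the quoted sequence the first push is the
 * 21st word from the bottom, i.e. exactly the ss slot. */
int first_push_lands_in_ss(void)
{
	struct pt_regs *regs = build_frame(TRAMPOLINE_ADDR);

	return regs->ss == TRAMPOLINE_ADDR
	    && regs->flags == FAKE_FLAGS
	    && regs->cs == UNINIT && regs->ip == UNINIT && regs->orig_ax == UNINIT
	    && regs->di == REG_BASE && regs->r15 == REG_BASE + 14;
}

/* Same replay with __KERNEL_DS pushed first: the ss slot now holds a
 * plausible kernel data selector and the GPR slots are unchanged. */
int kernel_ds_lands_in_ss(void)
{
	struct pt_regs *regs = build_frame(KERNEL_DS);

	return regs->ss == KERNEL_DS
	    && regs->di == REG_BASE && regs->r15 == REG_BASE + 14;
}

int main(void)
{
	struct pt_regs *regs = build_frame(TRAMPOLINE_ADDR);

	printf("pt_regs is %zu words\n", pt_regs_words());
	printf("regs->ss    = 0x%llx\n", (unsigned long long)regs->ss);
	printf("regs->sp    = 0x%llx\n", (unsigned long long)regs->sp);
	printf("regs->flags = 0x%llx\n", (unsigned long long)regs->flags);
	printf("first push is in ss: %s\n", first_push_lands_in_ss() ? "yes" : "no");
	return 0;
}
```

The model only tracks word positions, so it says nothing about what the unwinder or ENCODE_FRAME_POINTER do with the saved rsp later; it just confirms that 1 + 1 + 1 + 3 + 15 pushes equal the 21 words of pt_regs, which puts the first push in the ss slot.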