On Tue, Mar 22, 2022 at 06:14:54PM +0900, Masami Hiramatsu wrote: > On Tue, 22 Mar 2022 09:08:22 +0100 > Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote: > > > On Tue, Mar 22, 2022 at 02:31:36PM +0900, Masami Hiramatsu wrote: > > > > > > Also, I think both should fix regs->ss. > > > > > > I'm not sure this part. Since the return trampoline should run in the same > > > context of the called function, isn't ss same there too? > > > > It creates pt_regs on the stack, so the trampolines do: > > > > push $arch_rethook_trampoline > > push %rsp > > pushf > > sub $24, %rsp /* cs, ip, orig_ax */ > > push %rdi > > ... > > push %r15 > > > > That means that if anybody looks at regs->ss, it'll find > > $arch_rethook_trampoline, which isn't a valid segment descriptor, or am > > I just really bad at counting today? > > Ah, got it. It seems that the ss was skipped from the beginning, and > no one argued that. Yeah, this is a long-standing issue, but I noticed it when looking at the code yesterday. > > I'm thinking you want a copy of __KERNEL_DS in that stack slot, not a > > function pointer. > > The function pointer is for unwinding stack which involves the kretprobe. > Anyway, I can add a slot for ss if it is neeeded. But if it always be > __KERNEL_DS, is it worth to save it? Probably, to save someone future head-aches. The insn-eval.c stuff will actually look at SS when it tries to decode BP/SP fields, and I've got vague memories of actually using that a while ago. I think I was playing around with double-fault and the whole espfix64 mess and hit the ESPFIX segment.
