Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes:

> Rusty noticed a Really Bad Bug (tm) in my NT fix. The entry code
> reads out of bounds, causing the NT fix to be unreliable. But, and
> this is much, much worse, if your stack is somehow just below the
> top of the direct map (or a hole), you read out of bounds and crash.
>
> Excerpt from the crash:
>
> [ 1.129513] RSP: 0018:ffff88001da4bf88 EFLAGS: 00010296
>
> 2b:* f7 84 24 90 00 00 00 testl $0x4000,0x90(%rsp)
>
> That read is deterministically above the top of the stack. I
> thought I even single-stepped through this code when I wrote it to
> check the offset, but I clearly screwed it up.
>
> Fixes 8c7aa698baca x86_64, entry: Filter RFLAGS.NT on entry from userspace
>
> Reported-by: Rusty Russell <rusty@xxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx>

Tested-by: Rusty Russell <rusty@xxxxxxxxxxxxxxx>

Thanks for the fast response...
Rusty.

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html