Re: [RFC][PATCH] ftrace/x86: Emulate call function while updating in breakpoint handler
From: Linus Torvalds
Date: Wed May 01 2019 - 15:11:23 EST
On Wed, May 1, 2019 at 6:11 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> Here goes, compile tested only...
Ugh, two different threads. This has the same bug (same source) as the
one Steven posted:
> --- a/arch/x86/entry/entry_32.S
> +++ b/arch/x86/entry/entry_32.S
> @@ -1479,6 +1479,13 @@ ENTRY(int3)
> ASM_CLAC
> pushl $-1 # mark this as an int
>
> + testl $SEGMENT_RPL_MASK, PT_CS(%esp)
> + jnz .Lfrom_usermode_no_gap
> + .rept 6
> + pushl 5*4(%esp)
> + .endr
> +.Lfrom_usermode_no_gap:
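Review bot: the `testl $SEGMENT_RPL_MASK, PT_CS(%esp)` / `jnz .Lfrom_usermode_no_gap` pair uses a non-zero RPL in the saved CS as the only indicator that the int3 came from user mode, which, as pointed out below, misclassifies vm86 entries; the decision should consider the VM flag in the saved EFLAGS as well (the way the kernel's existing user_mode() helper does) rather than relying on CS alone. The `.rept 6` / `pushl 5*4(%esp)` block also deserves a comment stating what it does and why (it duplicates the six saved words one slot down to open a gap above the trap frame), since a reader of entry_32.S cannot infer the purpose of the gap from the hunk itself.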
This will corrupt things horribly if you still use vm86 mode. Checking
CS RPL is simply not correct.
Linus