Re: [PATCHv8 14/17] x86/traps: Handle LASS thrown #SS
From: Andrew Cooper
Date: Wed Jul 02 2025 - 19:42:44 EST
> Note: for a FRED system, ERETU can generate #SS for a non-canonical user space RSP
How? Or to phrase it differently, I hope not.
%rsp is a 64bit value and does not have canonical restrictions elsewhere
in the architecture, so far as I'm aware. IRET really can restore a
non-canonical %rsp, and userspace can run for an indeterminate period of
time with a non-canonical %rsp as long as there are no stack accesses.
Accesses relative to the stack using a non-canonical pointer will
suffer #SS, but ERETU doesn't modify the userspace stack AFAICT. I
can't see anything in the ERETU pseudocode in the FRED spec that
mentions a canonical check or memory access using %rsp.
~Andrew