> On Tue, Apr 12, 2022 at 10:40:04AM +0300, Dmitry Monakhov wrote:
>
>> For historical reasons we check only IRET_FRAME_OFFSET, but this check
>> is no longer valid because we also access regs->sp field which is
>> located beyond IRET_FRAME, so it is reasonable to validate full structure.
>
> Uuuh, what? IRET frame is:
>
> ss, sp, flags, cs, ip
>
> that very much includes sp.
Oh. Indeed you are right. Sorry. Please ignore this patch.