Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753112AbcKUFxd (ORCPT <rfc822;w@1wt.eu>);
        Mon, 21 Nov 2016 00:53:33 -0500
Received: from terminus.zytor.com ([198.137.202.10]:52226 "EHLO mail.zytor.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750744AbcKUFxc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Nov 2016 00:53:32 -0500
User-Agent: K-9 Mail for Android
In-Reply-To: <CALCETrUqdp=rEKX4gdSpJYder3q0g_yxdRE9APw8MgerXvnB=w@mail.gmail.com>
References: <CALCETrUqdp=rEKX4gdSpJYder3q0g_yxdRE9APw8MgerXvnB=w@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8
Subject: Re: What exactly do 32-bit x86 exceptions push on the stack in the CS slot?
From: hpa@zytor.com
Date: Sun, 20 Nov 2016 20:54:12 -0800
To: Andy Lutomirski <luto@kernel.org>, tedheadster@gmail.com,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Brian Gerst <brgerst@gmail.com>, George Spelvin <linux@horizon.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        X86 ML <x86@kernel.org>
Message-ID: <4152ADD4-3F2D-46B2-B545-082C734C7640@zytor.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1271
Lines: 29

On November 19, 2016 5:52:57 PM PST, Andy Lutomirski <luto@kernel.org> wrote:
>This is a question for the old-timers here, since I can't find
>anything resembling an answer in the SDM.
>
>Suppose an exception happens (#UD in this case, but I assume it
>doesn't really matter).  We're not in long mode, and the IDT is set up
>to deliver to a normal 32-bit kernel code segment.  We're running in
>that very same code segment when the exception hits, so no CPL change
>occurs and the TSS doesn't particularly matter.
>
>The CPU will push EFLAGS, CS, and RIP.  Here's the question: what
>happens to the high word of CS on the stack?
>
>The SDM appears to say nothing at all about this.  Modern systems
>(e.g. my laptop running in 32-bit legacy mode under KVM) appear to
>zero-extend CS.  But Matthew's 486DX appears to put garbage in the
>high bits (or maybe just leave whatever was already on the stack in
>place).
>
>Do any of you happen to know what's going on and when the behavior
>changed?  I'd like to know just how big of a problem this is.  Because
>if lots of CPUs work like Matthew's, we have lots of subtle bugs on
>them.
>
>--Andy

I believe i686+ writes zero, older CPUs leave unchanged.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.