From: Andy Lutomirski
Date: Thu, 24 Nov 2016 09:16:39 -0800
Subject: Re: What exactly do 32-bit x86 exceptions push on the stack in the CS slot?
To: Linus Torvalds
Cc: "H. Peter Anvin", Ingo Molnar, Brian Gerst, Andy Lutomirski, Matthew Whitehead, "linux-kernel@vger.kernel.org", X86 ML

On Mon, Nov 21, 2016 at 1:21 PM, Linus Torvalds wrote:
> On Mon, Nov 21, 2016 at 10:26 AM, H. Peter Anvin wrote:
>> On 11/21/16 10:00, Linus Torvalds wrote:
>>>
>>> I'd much rather we go back to just making the "cs" entry explicitly
>>> 16-bit, and have a separate padding entry, the way we used to long
>>> long ago.
>>>
>>
>> I would agree 100% with this.
>
> We _used_ to do it like this in some places (signal stack, other places):
>
>     unsigned short cs, __csh;

I'm testing a patch to do exactly this.  I didn't bother with the
fancy anonymous union stuff because I don't see any great reason that
anything needs to write the high bits.

Amusingly, grsecurity seems to contain a fix for one instance of this
bug on x86_32 and one instance on x86_64 (!).

--Andy
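
The layout change discussed in this thread, as an added example that is not part of the original e-mail or of the kernel's code: it overlays a 32-bit CS slot with the `unsigned short cs, __csh;` split and shows that a full-width compare breaks when the upper half is not zero, while the 16-bit field is unaffected. The struct names, helper functions, `EX_USER_CS` value and frame contents are hypothetical; it assumes the upper 16 bits of the slot can hold stale data and that the host is little-endian, as x86 is.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_USER_CS 0x0073u  /* constructed selector value, RPL = 3 */

/* CS slot kept as one 32-bit word: only bits 0..15 are the selector. */
struct frame_wide { uint32_t ip; uint32_t cs; uint32_t flags; };

/* Same 12 bytes with the selector and its padding named separately. */
struct frame_split { uint32_t ip; uint16_t cs, __csh; uint32_t flags; };

/* The split must not move any slot (little-endian: cs is the low half). */
_Static_assert(sizeof(struct frame_wide) == sizeof(struct frame_split), "size");
_Static_assert(offsetof(struct frame_wide, cs) == offsetof(struct frame_split, cs), "cs");
_Static_assert(offsetof(struct frame_split, __csh) == offsetof(struct frame_wide, cs) + 2, "pad");
_Static_assert(offsetof(struct frame_wide, flags) == offsetof(struct frame_split, flags), "flags");

/* Build a raw frame whose CS slot has `stale` left in its upper 16 bits. */
static void make_frame(unsigned char raw[12], uint16_t sel, uint16_t stale)
{
    struct frame_wide f = { 0x08048000u, ((uint32_t)stale << 16) | sel, 0x202u };
    memcpy(raw, &f, sizeof f);
}

/* Full-width compare: correct only when the upper half happens to be zero. */
static int is_user_cs_wide(const unsigned char raw[12])
{
    struct frame_wide f;
    memcpy(&f, raw, sizeof f);
    return f.cs == EX_USER_CS;
}

/* 16-bit field compare: the upper half cannot influence the result. */
static int is_user_cs_split(const unsigned char raw[12])
{
    struct frame_split f;
    memcpy(&f, raw, sizeof f);
    return f.cs == EX_USER_CS;
}

int main(void)
{
    unsigned char raw[12];
    make_frame(raw, EX_USER_CS, 0xdead);   /* constructed stale upper half */
    printf("wide=%d split=%d\n", is_user_cs_wide(raw), is_user_cs_split(raw));
    return 0;
}
```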