On Thu, Feb 08, 2018 at 11:20:26AM -0600, Josh Poimboeuf wrote:
> The patch description is confusing. It talks about "crappy drivers irq
> handlers when they access wrong memory on the stack". But if I
> understand correctly, the patch doesn't actually protect against that
> case, because irq handlers run on the irq stack, and this patch only
> affects code which *isn't* running on the irq stack.
This would catch a crappy driver which allocates some memory on the irq stack, squirrels the pointer to it away in a data structure, then returns to process (or softirq) context and dereferences the pointer. I have no idea if that's the case that Kirill is tracking down, but it's something I can imagine someone doing.