On 3/20/26 08:47, Andrew Cooper wrote:
>> First, CPUID doesn't tell you if FRED is in use. Is it even on by
>> default yet? There might not be a better way to do this than checking
>> CPUID, but checking CPUID is imprecise at best.
> A reliable way to distinguish IDT and FRED mode is to:
>
> 1) Load $3 into %fs (x86_64) or %gs (i386) (i.e. whichever isn't thread
> local storage)
> 2) execute a breakpoint, ignore the signal
> 3) Look to see whether %fs/%gs holds 3 or 0
>
> IRET has a fun behaviour where it zeroes NULL selectors even if they had
> a non-zero RPL.
>
> ERETU doesn't do this; Andy Luto and I asked for this minor information
> leak to be removed, and Intel agreed as it served no purpose anyone
> could identify.
>
> As a consequence, you can use it to determine whether the kernel used
> IRET or ERET to return back to userspace.

I was thinking of just grepping /proc/cpuinfo for "fred", but that sounds much more fun! :)
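
The three quoted steps as a C sketch (an added example, not code from this thread or from the kernel). It assumes x86_64 Linux with a libc that keeps thread-local storage behind %fs, so %gs is used as the non-TLS register; gs_after_breakpoint and ignore_trap are names made up here.

```c
/* Added example. Assumption: x86_64 Linux, TLS addressed through %fs,
 * so %gs is the segment register that is free to clobber. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* SIGTRAP handler: deliberately empty. The signal only exists to force a
 * kernel entry followed by a return to userspace. */
static void ignore_trap(int sig) { (void)sig; }

/* Returns the %gs selector observed after the breakpoint:
 *   3  -> selector survived the return to userspace (ERETU, FRED in use)
 *   0  -> selector was zeroed on the way back (IRET, IDT delivery)
 *  -1  -> not built for x86_64 Linux, or sigaction() failed */
int gs_after_breakpoint(void)
{
#if defined(__x86_64__) && defined(__linux__)
    struct sigaction sa, old;
    unsigned int sel = 3;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = ignore_trap;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0)
        return -1;

    __asm__ volatile(
        "mov %0, %%gs\n\t"   /* step 1: NULL selector with RPL 3 */
        "int3\n\t"           /* step 2: #BP, execution resumes after it */
        "mov %%gs, %0\n\t"   /* step 3: read the selector back */
        : "+r"(sel) : : "memory");

    sigaction(SIGTRAP, &old, NULL);  /* restore the previous handler */
    return (int)sel;
#else
    return -1;
#endif
}

int main(void)
{
    int sel = gs_after_breakpoint();
    if (sel < 0) { puts("unsupported build target"); return 2; }
    printf("%%gs after #BP = %d: kernel returned with %s\n", sel,
           sel == 3 ? "ERETU (FRED)" : "IRET (IDT)");
    return 0;
}
```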

