On Thu, 7 Apr 2005, Stas Sergeev wrote:
>
> > because it adds the 2 words space that is needed - but the information
> > relied on by your irq-return test is still bogus.
>
> But as an example for demonstrating the problem,
> I thought, it could do:)
Ingo: the information is bogus, but you're wrong: the code doesn't "rely"
on it.
The fact is, bogus information is _fine_. That's what speculative work is
all about: working with bogus information, with the assumption that some
later test will ignore it if it's not relevant.
And the later test _will_ ignore it if it isn't relevant. Look for
yourself:
cmpl $((4 << 8) | 3), %eax
je ldt_ss # returning to user-space with LDT SS
notice how the "cmpl" _only_ triggers if the old CS had the low three bits
set and if EFLAGS_VM is clear. So if we return to kernel mode (or vm86)
mode, we _know_ that the SS is bogus, but we don't care. We've tested for
the proper thing, and we only do the special user-space LDT SS case if
- the LDT bit was set in SS (possibly bogus)
AND
- old CS was user space
AND
- old eflags wasn't vm86 mode.
Ie the two second checks are what validates the first (possibly bogus)
one.
So I really think that the _correct_ fix is literally to move the "cli"
in the sysenter path down two lines. It doesn't just "hide" the bug, it
literally fixes is.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
