> Note: for a FRED system, ERETU can generate #SS for a non-canonical user space RSP How? Or to phrase it differently, I hope not. %rsp is a 64bit value and does not have canonical restrictions elsewhere in the architecture, so far as I'm aware. IRET really can restore a non-canonical %rsp, and userspace can run for an indeterminate period of time with a non-canonical %rsp as long as there are no stack accesses. Accesses relative to the the stack using a non-canonical pointer will suffer #SS, but ERETU doesn't modify the userspace stack AFAICT. I can't see anything in the ERETU pseudocode in the FRED spec that mentions a canonical check or memory access using %rsp. ~Andrew
