Re: [PATCHv8 14/17] x86/traps: Handle LASS thrown #SS


 



On July 2, 2025 4:42:27 PM PDT, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>> Note: for a FRED system, ERETU can generate #SS for a non-canonical user space RSP
>
>How?  Or to phrase it differently, I hope not.
>
>%rsp is a 64bit value and does not have canonical restrictions elsewhere
>in the architecture, so far as I'm aware.  IRET really can restore a
>non-canonical %rsp, and userspace can run for an indeterminate period of
>time with a non-canonical %rsp as long as there are no stack accesses.
>
>Accesses relative to the stack using a non-canonical pointer will
>suffer #SS, but ERETU doesn't modify the userspace stack AFAICT.  I
>can't see anything in the ERETU pseudocode in the FRED spec that
>mentions a canonical check or memory access using %rsp.
>
>~Andrew

You are right of course. Brainfart on my part.




