Code inspection of entry.S on i386 showed a potential problem - load
through segment without verifying "flatness" on the sysenter path.
Turns out this code is safe, but only by a thread ..
	/*
	 * Load the potential sixth argument from user stack.
	 * Careful about security.
	 */
	1: movl (%ebp),%ebp
If it weren't for the fact that %ebp relative addresses default to using
the SS segment, we could have loaded through a user segment here to read
arbitrary memory (sysenter does nothing to DS segment). Perhaps this
was considered before, but because of the implications, I thought this
might be worth annotating in the source. Also provided a test case.
Obviously only works on sysenter capable processors. Tested on 2.6.8.
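
The default-segment rule the message relies on, as an added example that is not part of the original post or of the kernel source: a small decoder that reports which segment a 32-bit x86 memory operand is read through. The function name `mem_segment` is hypothetical, the byte strings are constructed, and it assumes 32-bit addressing and a one-byte opcode followed by a ModRM byte, with only segment-override prefixes handled.

```c
#include <stdio.h>
#include <string.h>

/* Segment used by the memory operand of an instruction made of optional
 * segment-override prefixes, a one-byte opcode and a ModRM byte (for
 * example 8B /r, mov r/m32 to r32). Returns NULL when there is no memory
 * operand or the bytes are truncated. */
const char *mem_segment(const unsigned char *insn, size_t len)
{
    const char *override = NULL;
    size_t i = 0;

    for (; i < len; i++) {              /* consume segment-override prefixes */
        switch (insn[i]) {
        case 0x26: override = "ES"; continue;
        case 0x2E: override = "CS"; continue;
        case 0x36: override = "SS"; continue;
        case 0x3E: override = "DS"; continue;
        case 0x64: override = "FS"; continue;
        case 0x65: override = "GS"; continue;
        }
        break;                          /* first non-prefix byte: the opcode */
    }
    if (i + 2 > len)
        return NULL;                    /* need opcode + ModRM */
    unsigned mod = insn[i + 1] >> 6, rm = insn[i + 1] & 7;
    if (mod == 3)
        return NULL;                    /* register operand, no memory access */
    if (override)
        return override;                /* explicit prefix replaces the default */
    if (rm == 4) {                      /* SIB byte carries the base register */
        if (i + 3 > len)
            return NULL;
        unsigned base = insn[i + 2] & 7;
        if (base == 5 && mod == 0)
            return "DS";                /* disp32 with no base register */
        return (base == 4 || base == 5) ? "SS" : "DS"; /* ESP or EBP base */
    }
    if (rm == 5)                        /* mod 0: bare disp32; else EBP base */
        return mod == 0 ? "DS" : "SS";
    return "DS";                        /* every other base register */
}

int main(void)
{
    /* Constructed encoding of: movl (%ebp),%ebp */
    const unsigned char load[] = { 0x8B, 0x6D, 0x00 };
    printf("movl (%%ebp),%%ebp reads through %s\n", mem_segment(load, sizeof load));
    return 0;
}
```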