In the Linux kernel, the following vulnerability has been resolved:

riscv: process: Fix kernel gp leakage

childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means.

[From the email thread]

The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for usermodehelper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec.

childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways:

1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment.

   This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch.

2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a usermodehelper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries.

3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for usermodehelpers before the exec completes, but gp is not one of the registers it returns.

4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code.

5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers.
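
The invariant behind this fix, as an added userspace model (not code from the kernel or from the patch): a register frame that userspace can observe must not contain kernel-range values. The struct layout, the sample addresses and the helper names are constructed for illustration, and the address check assumes RV64 with kernel virtual addresses in the upper half of the address space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the user register frame (not the kernel's struct pt_regs). */
struct user_frame {
    uint64_t epc, ra, sp, gp, tp;
    uint64_t other[27];                 /* remaining integer registers */
};

/* Constructed sample values; the first stands in for __global_pointer$. */
#define SAMPLE_KERNEL_GP 0xffffffff81234800ULL
#define SAMPLE_USER_SP   0x0000003ffffff000ULL

/* Assumption: RV64, kernel virtual addresses have bit 63 set. */
static int is_kernel_addr(uint64_t v) { return (v >> 63) != 0; }

/* State described in the message: frame zeroed, then gp holds the kernel gp. */
static void init_frame_before(struct user_frame *f)
{
    memset(f, 0, sizeof(*f));
    f->gp = SAMPLE_KERNEL_GP;
}

/* Modeled fixed state: the frame is only zeroed, no kernel value is stored. */
static void init_frame_after(struct user_frame *f) { memset(f, 0, sizeof(*f)); }

/* Model of exec for a kernel-started process: sets sp and epc, keeps the rest. */
static void model_exec(struct user_frame *f) { f->sp = SAMPLE_USER_SP; f->epc = 0x10000; }

/* Audit: count registers in the user-visible frame holding kernel-range values. */
static int count_kernel_values(const struct user_frame *f)
{
    uint64_t regs[sizeof(*f) / sizeof(uint64_t)];
    int n = 0;
    memcpy(regs, f, sizeof(regs));
    for (size_t i = 0; i < sizeof(regs) / sizeof(regs[0]); i++)
        n += is_kernel_addr(regs[i]);
    return n;
}

int main(void)
{
    struct user_frame f;
    init_frame_before(&f); model_exec(&f);
    printf("before fix: %d kernel-range value(s)\n", count_kernel_values(&f));
    init_frame_after(&f); model_exec(&f);
    printf("after fix:  %d kernel-range value(s)\n", count_kernel_values(&f));
    return 0;
}
```

The same audit applies to any interface that hands a user register frame to userspace, which is why the message treats the stale gp as a single root cause rather than five separate bugs.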