2 files changed, 6 insertions, 5 deletions

diff --git a/arch/i386/kernel/entry.S b/arch/i386/kernel/entry.S
index 3872fca5c74a..284f2e908ad0 100644
--- a/arch/i386/kernel/entry.S
+++ b/arch/i386/kernel/entry.S
@@ -240,8 +240,9 @@ ret_from_intr:
 check_userspace:
         movl EFLAGS(%esp), %eax         # mix EFLAGS and CS
         movb CS(%esp), %al
-        testl $(VM_MASK | 3), %eax
-        jz resume_kernel
+        andl $(VM_MASK | SEGMENT_RPL_MASK), %eax
+        cmpl $USER_RPL, %eax
+        jb resume_kernel                # not returning to v8086 or userspace
 ENTRY(resume_userspace)
         DISABLE_INTERRUPTS              # make sure we don't miss an interrupt
                                         # setting need_resched or sigpending
@@ -377,8 +378,8 @@ restore_all:
         # See comments in process.c:copy_thread() for details.
         movb OLDSS(%esp), %ah
         movb CS(%esp), %al
-        andl $(VM_MASK | (4 << 8) | 3), %eax
-        cmpl $((4 << 8) | 3), %eax
+        andl $(VM_MASK | (SEGMENT_TI_MASK << 8) | SEGMENT_RPL_MASK), %eax
+        cmpl $((SEGMENT_LDT << 8) | USER_RPL), %eax
         CFI_REMEMBER_STATE
         je ldt_ss                       # returning to user-space with LDT SS
 restore_nocheck:
diff --git a/arch/i386/kernel/process.c b/arch/i386/kernel/process.c
index 220aeca59c3a..8c190ca7ae44 100644
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -338,7 +338,7 @@ int kernel_thread(int (*fn)(void *), void * arg, unsigned long flags)
         regs.xes = __USER_DS;
         regs.orig_eax = -1;
         regs.eip = (unsigned long) kernel_thread_helper;
-        regs.xcs = __KERNEL_CS;
+        regs.xcs = __KERNEL_CS | get_kernel_rpl();
         regs.eflags = X86_EFLAGS_IF | X86_EFLAGS_SF | X86_EFLAGS_PF | 0x2;
 
         /* Ok, create the new process.. */