Commit 989467d1 authored by Luca Barbieri, committed by Linus Torvalds

[PATCH] Remove all register pops before sysexit

This patch, which depends on the previous %ebx -> %ebp patch, removes
all pop instructions in the sysenter return path.

This leaks the thread_info address to user mode but this shouldn't be
a security problem.

This is what happens to the various registers:

	%eax: return value from system call: already in place
	%ebx, %esi, %edi: saved by the C compiler
	%ecx, %edx, %ebp: restored by user mode, fixed values by kernels
	%esp, eip: copied to %ecx/%edx and restored by sysexit
	%ds, %es: initialized to __USER_DS on kernel entry
	%cs, %ss: restored by sysexit based on msr
	%fs, %gs: not modified by the kernel (saved around context switch)
	eflags: not preserved, iopl saved around context switch
	FP, XMM: any code that modifies them must save/restore them

Note that while it is possible to change %ebx, %esi, %edi, %ecx, %edx
or %ebp via struct pt_regs, anything that does should set TIF_IRET or
another work flag (and it hopefully already does).
parent 077fbc21
......@@ -274,9 +274,9 @@ ENTRY(sysenter_entry)
movl TI_FLAGS(%ebp), %ecx
testw $_TIF_ALLWORK_MASK, %cx
jne syscall_exit_work
RESTORE_INT_REGS
movl 12(%esp),%edx
movl 24(%esp),%ecx
/* if something modifies registers it must also disable sysexit */
movl EIP(%esp), %edx
movl OLDESP(%esp), %ecx
sti
sysexit
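Review bot: the new comment "if something modifies registers it must also disable sysexit" should say how that is enforced, because with RESTORE_INT_REGS gone the only thing that keeps a modified pt_regs from being silently discarded is the `testw $_TIF_ALLWORK_MASK, %cx` / `jne syscall_exit_work` check a few lines above; stating that such paths must set TIF_IRET (or another flag covered by _TIF_ALLWORK_MASK), as the commit message does, makes the invariant reviewable at the site that depends on it. A second point: since nothing is popped any more, %ebp still holds the thread_info pointer used by `movl TI_FLAGS(%ebp), %ecx` when `sysexit` runs, so a kernel address becomes visible to user mode; the message accepts this, but a single `xorl %ebp, %ebp` before `sti` would avoid the disclosure at negligible cost, given that user mode restores %ebp itself anyway.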