lguest: fix guest kernel stack overflow when TF bit set.
author Rusty Russell <rusty@rustcorp.com.au>
Thu, 5 Sep 2013 08:15:53 +0000 (17:45 +0930)
committer Rusty Russell <rusty@rustcorp.com.au>
Thu, 5 Sep 2013 22:39:27 +0000 (08:09 +0930)
The symptoms are that running gdb on a binary causes the guest to
overflow the kernel's stack (after some period of time), resulting in
it finally being killed with a "Bad address" message.

Reported-by: Sakari Ailus <sakari.ailus@iki.fi>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
drivers/lguest/interrupts_and_traps.c

index 28433a155d67da1599dd2b63c852737d7ab9c67f..70dfcdc29f1f9e9d8cfc764d69ab7a965daf5c25 100644
@@ -139,6 +139,16 @@ static void set_guest_interrupt(struct lg_cpu *cpu, u32 lo, u32 hi,
        cpu->regs->cs = (__KERNEL_CS|GUEST_PL);
        cpu->regs->eip = idt_address(lo, hi);
 
+       /*
+        * Trapping always clears these flags:
+        * TF: Trap flag
+        * VM: Virtual 8086 mode
+        * RF: Resume
+        * NT: Nested task.
+        */
+       cpu->regs->eflags &=
+               ~(X86_EFLAGS_TF|X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT);
+
        /*
         * There are two kinds of interrupt handlers: 0xE is an "interrupt
         * gate" which expects interrupts to be disabled on entry.
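Review bot: the new block comment lists which flags are cleared but does not say why leaving TF set produces the guest kernel stack overflow named in the subject line; adding one sentence there (for example, that a trap delivered with TF still set would trap again before the guest handler can run, so each delivery pushes a further frame) would let the intent of the change be recovered from the code alone rather than from the commit message. Since the mask is applied in place on `cpu->regs->eflags`, it would also help to state in the same comment that the eflags value pushed to the guest stack for the later iret is captured before this clear, so the guest's original TF is restored when the handler returns; the hunk as shown does not make that ordering visible.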