lguest: fix guest kernel stack overflow when TF bit set.

The symptoms are that running gdb on a binary causes the guest to overflow the kernels stack (after some period of time), resulting in it finally being killed with a "Bad address" message. Reported-by: Sakari Ailus <[email protected]> Signed-off-by: Rusty Russell <[email protected]>
goldwynr · Sep 5, 2013 · 98fb4e5 · 98fb4e5
1 parent 4623c28
commit 98fb4e5
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/drivers/lguest/interrupts_and_traps.c b/drivers/lguest/interrupts_and_traps.c
@@ -139,6 +139,16 @@ static void set_guest_interrupt(struct lg_cpu *cpu, u32 lo, u32 hi,
 	cpu->regs->cs = (__KERNEL_CS|GUEST_PL);
 	cpu->regs->eip = idt_address(lo, hi);
 
+	/*
+	 * Trapping always clears these flags:
+	 * TF: Trap flag
+	 * VM: Virtual 8086 mode
+	 * RF: Resume
+	 * NT: Nested task.
+	 */
+	cpu->regs->eflags &=
+		~(X86_EFLAGS_TF|X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT);
+
 	/*
 	 * There are two kinds of interrupt handlers: 0xE is an "interrupt
 	 * gate" which expects interrupts to be disabled on entry.