From d2886ab8bc49f9bbc8bc7461e36698ecea60e7a4 Mon Sep 17 00:00:00 2001 From: Andrew Boie Date: Tue, 12 Feb 2019 16:11:14 -0800 Subject: [PATCH] x86: clear EFLAGS on double fault In the event of a double fault, we do a HW task switch to a special _df_tss hardware task which resets the stack pointer to the interrupt stack and otherwise restores the main hardware task to a runnable state so that _df_handler_bottom() can run. However, we need to make sure that _df_handler_bottom() runs with interrupts locked, otherwise another IRQ could corrupt the interrupt stack resulting in undefined behavior. We have very little stack space to work with in this context, just zero it. It's a fatal error for the thread in any event. Fixes: #7291 Signed-off-by: Andrew Boie --- arch/x86/core/fatal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/core/fatal.c b/arch/x86/core/fatal.c index 08bc3ad0f4b..a99823c8a04 100644 --- a/arch/x86/core/fatal.c +++ b/arch/x86/core/fatal.c @@ -446,6 +446,7 @@ static FUNC_NORETURN __used void _df_handler_top(void) _main_tss.ss = DATA_SEG; _main_tss.eip = (u32_t)_df_handler_bottom; _main_tss.cr3 = (u32_t)X86_MMU_PDPT; + _main_tss.eflags = 0; /* NT bit is set in EFLAGS so we will task switch back to _main_tss * and run _df_handler_bottom
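Review bot: the added `_main_tss.eflags = 0;` has no comment of its own, and the comment directly beneath it ("NT bit is set in EFLAGS so we will task switch back to _main_tss") describes the double-fault task's flags, not the field being zeroed, so a reader can easily misattribute the NT remark to this line. Suggest a short comment above the assignment carrying the reason from the commit message, e.g. `/* Run _df_handler_bottom with IF clear so a nested IRQ cannot corrupt the interrupt stack */`, and stating that clearing the whole register rather than just IF is intentional because the faulting thread is being terminated. With ss, eip, cr3 and now eflags all assigned in this hunk, the TSS state loaded on the switch back is fully defined rather than inheriting whatever eflags held before the fault; that is the actual fix, and it deserves to be spelled out where the code is.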