lguest: fix guest kernel stack overflow when TF bit set.

rustyrussell · rustyrussell · commit 98fb4e5e6b10 · 2013-09-06T08:09:27.000+09:30
The symptoms are that running gdb on a binary causes the guest to
overflow the kernels stack (after some period of time), resulting in
it finally being killed with a "Bad address" message.

Reported-by: Sakari Ailus &lt;sakari.ailus@iki.fi&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
diff --git a/drivers/lguest/interrupts_and_traps.c b/drivers/lguest/interrupts_and_traps.c
@@ -139,6 +139,16 @@ static void set_guest_interrupt(struct lg_cpu *cpu, u32 lo, u32 hi,
 	cpu->regs->cs = (__KERNEL_CS|GUEST_PL);
 	cpu->regs->eip = idt_address(lo, hi);
 
+	/*
+	 * Trapping always clears these flags:
+	 * TF: Trap flag
+	 * VM: Virtual 8086 mode
+	 * RF: Resume
+	 * NT: Nested task.
+	 */
+	cpu->regs->eflags &=
+		~(X86_EFLAGS_TF|X86_EFLAGS_VM|X86_EFLAGS_RF|X86_EFLAGS_NT);
+
 	/*
 	 * There are two kinds of interrupt handlers: 0xE is an "interrupt
 	 * gate" which expects interrupts to be disabled on entry.
