x86_64: Fix off-by-one error setting up the Interrupt Stack Tables

The Interrupt Stack Table entries in a 64bit TSS are a 1 based data
structure as far as hardware is concerned.  As a result, the code
setting up stacks in subarch_percpu_traps_init() fills in the wrong
IST entries.

The result is that the MCE handler executes on the stack set up for
NMIs; the NMI handler executes on a stack set up for Double Faults,
and Double Faults are executed with a stack pointer set to 0.

Once the #DF handler starts to execute, it will usually take a page
fault looking up the address at 0xfffffffffffffff8, which will cause a
triple fault.  If a guest has mapped a page in that location, then it
will have some state overwritten, but as the #DF handler always calls
panic(), this is not a problem the guest will have time to care about.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

0 files changed, 0 insertions, 0 deletions