Developer Fixes Sign-Extension Bug In Linux
A developer building a Type-2 hypervisor, after porting code from the Linux selftests, found a sign-extension bug in C that miscomputed the Task State Segment (TSS) base written to the VMCS HOST_TR_BASE field. On a physical multi-core machine (three vCPUs in testing), the wrong TSS base led the kernel to read unmapped stack memory, causing page faults and CPU core crashes, and resulted in a Linux kernel patch.
Key Points
- Identifies a sign-extension bug in C that miscomputed the TSS base for VMCS HOST_TR_BASE.
- Causes the kernel to read unmapped TSS stacks, triggering page faults, double faults, and core crashes.
- Suggests careful sign/size handling when parsing descriptors, and testing on physical CPUs, not only inside VMs.
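The descriptor-parsing mistake the report describes, as an added example that is not the page's or the Linux selftests' own code: the 64-bit TSS descriptor layout and field names follow the Intel SDM but are an assumption here, and the 0x80001000 base is a constructed value chosen so that bit 31 of the base is set while the upper half is clear.

```c
#include <stdint.h>

/* 64-bit system-segment (TSS/LDT) descriptor. The base address is split
 * across base0/base1/base2/base3; field names are an assumption. */
struct tss_desc64 {
    uint16_t limit0;
    uint16_t base0;
    uint8_t  base1;
    uint8_t  type_s_dpl_p;   /* type(4) s(1) dpl(2) p(1) */
    uint8_t  limit1_flags;   /* limit(4) avl(1) l(1) db(1) g(1) */
    uint8_t  base2;
    uint32_t base3;
    uint32_t reserved;
};

/* Buggy form: base0 | (base1 << 16) | (base2 << 24) is evaluated as int
 * after integer promotion. When base2 >= 0x80 that int is negative, and
 * widening it to uint64_t sign-extends, setting bits 32-63. The int
 * intermediate is built explicitly here so the effect is reproducible. */
uint64_t tss_base_buggy(const struct tss_desc64 *d)
{
    int32_t low = (int32_t)((uint32_t)d->base0 | ((uint32_t)d->base1 << 16) |
                            ((uint32_t)d->base2 << 24));
    return ((uint64_t)d->base3 << 32) | (uint64_t)low; /* low sign-extended */
}

/* Fixed form: widen every field to uint64_t before shifting, so no signed
 * intermediate can appear. */
uint64_t tss_base_fixed(const struct tss_desc64 *d)
{
    return (uint64_t)d->base0 | ((uint64_t)d->base1 << 16) |
           ((uint64_t)d->base2 << 24) | ((uint64_t)d->base3 << 32);
}

/* Build a constructed descriptor for an available 64-bit TSS at `base`. */
struct tss_desc64 make_tss_desc(uint64_t base, uint32_t limit)
{
    struct tss_desc64 d = {0};
    d.limit0 = limit & 0xffff;
    d.base0 = base & 0xffff;
    d.base1 = (base >> 16) & 0xff;
    d.type_s_dpl_p = 0x89;            /* type 9 = available TSS, present */
    d.limit1_flags = (limit >> 16) & 0xf;
    d.base2 = (base >> 24) & 0xff;
    d.base3 = (uint32_t)(base >> 32);
    return d;
}
```

With the base at 0x80001000 the buggy form yields 0xffffffff80001000, so HOST_TR_BASE would point at an unmapped address and the first exception on that core would read its IST stack from nowhere; with bit 31 clear both forms agree, which is why the defect hides on many test setups.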
Scoring Rationale
Actionable, detailed debugging and kernel patching; limited novelty and narrow applicability outside virtualization and low-level systems.
Sources
Public references used for this report.