From bed6b6891db666239fa2880f735fc473b4ea3f59 Mon Sep 17 00:00:00 2001
From: Andrew Boie
Date: Tue, 12 May 2020 17:59:36 -0700
Subject: [PATCH] x86: report when thread re-use is detected

x86_64's __resume path 'poisons' the incoming thread's saved RIP value with a special 0xB9 value, to catch re-use of thread objects across CPUs in SMP. Add a check and printout for this when handling fatal errors, and treat as a kernel panic.

Signed-off-by: Andrew Boie
---
 arch/x86/core/fatal.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/arch/x86/core/fatal.c b/arch/x86/core/fatal.c
index 44dba24c271..f4c6ddb32a9 100644
--- a/arch/x86/core/fatal.c
+++ b/arch/x86/core/fatal.c
@@ -305,11 +305,21 @@ static void dump_page_fault(z_arch_esf_t *esf)
 FUNC_NORETURN void z_x86_fatal_error(unsigned int reason,
				     const z_arch_esf_t *esf)
 {
-#ifdef CONFIG_EXCEPTION_DEBUG
 	if (esf != NULL) {
+#ifdef CONFIG_EXCEPTION_DEBUG
 		dump_regs(esf);
-	}
 #endif
+#if defined(CONFIG_ASSERT) && defined(CONFIG_X86_64)
+		if (esf->rip == 0xb9) {
+			/* See implementation of __resume in locore.S. This is
+			 * never a valid RIP value. Treat this as a kernel
+			 * panic.
+			 */
+			LOG_ERR("Attempt to resume un-suspended thread object");
+			reason = K_ERR_KERNEL_PANIC;
+		}
+#endif
+	}
 	z_fatal_error(reason, esf);
 	CODE_UNREACHABLE;
 }
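Review bot: The poison value `0xb9` in `if (esf->rip == 0xb9)` is a bare literal that, per the new comment, is also written independently in `__resume` in locore.S, so the two copies can drift without either side noticing; define it once in a header both the assembly and C sides include (a name along the lines of `X86_RESUME_POISON_RIP`, to be chosen) and compare against that constant here. Overwriting `reason` with `K_ERR_KERNEL_PANIC` discards the reason the CPU actually trapped with, which is useful when diagnosing how the poisoned RIP was reached; include it in the message, e.g. `LOG_ERR("Attempt to resume un-suspended thread object (reason %u)", reason);` before the reassignment. The block comment should also state that this detection exists only when CONFIG_ASSERT and CONFIG_X86_64 are both set, and that the guard presumably has to match whatever condition makes `__resume` poison RIP in the first place, so that a change to one guard is not made without the other.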