From f9003d7a58195d0b7331dd240ae733132a0056d7 Mon Sep 17 00:00:00 2001
From: apio
Date: Sat, 15 Jul 2023 11:54:48 +0200
Subject: [PATCH] kernel: Mask away unsafe bits in rflags when restoring state after a signal

---
 kernel/src/arch/x86_64/Thread.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/src/arch/x86_64/Thread.cpp b/kernel/src/arch/x86_64/Thread.cpp
index 762961c4..311bf7b5 100644
--- a/kernel/src/arch/x86_64/Thread.cpp
+++ b/kernel/src/arch/x86_64/Thread.cpp
@@ -150,6 +150,8 @@ void Thread::sigreturn(Registers* current_regs)
 {
     memcpy(®s, current_regs, sizeof(regs));
 
+    u64 rflags = current_regs->rflags;
+
     u64 rsp;
     pop_mem_from_stack((u8*)&rsp, sizeof(rsp));
     regs.rsp = rsp;
@@ -159,8 +161,7 @@ void Thread::sigreturn(Registers* current_regs)
     memcpy(®s, current_regs, sizeof(regs));
     regs.cs = 0x18 | 3;
     regs.ss = 0x20 | 3;
-    // FIXME: Using this, a program can craft a special RFLAGS that gives them a higher IOPL or other stuff. Find out
-    // exactly what bits to block from modifying.
+    regs.rflags = (rflags & ~0xdff) | (regs.rflags & 0xdff);
 
     fp_data.restore();
 
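Review bot: The new `regs.rflags = (rflags & ~0xdff) | (regs.rflags & 0xdff);` replaces the FIXME with a bare magic constant, so the next reader has to decode which bits 0xdff covers and why everything else is taken from the trap frame; a named mask with a comment would carry that reasoning: `// Flags ring 3 can change with POPF anyway: CF, PF, AF, ZF, SF, TF, DF, OF. IF, IOPL, NT, RF, VM, AC, ID stay as in the syscall trap frame.` / `constexpr u64 user_rflags_mask = 0xdff;` / `regs.rflags = (rflags & ~user_rflags_mask) | (regs.rflags & user_rflags_mask);`. The masking itself looks right: IOPL (bits 12-13) and IF (bit 9) are the bits that would let a process gain I/O privilege or run with interrupts off once the kernel returns to user mode with this frame, and both are taken from `rflags`, which the first hunk captures from `current_regs` before the `memcpy` at the top of this hunk overwrites `regs` with the register set restored from the signal frame (the pop that refills `current_regs` presumably sits between the two hunks). It does rely on `current_regs->rflags` being the kernel-sanctioned flags of the sigreturn syscall itself rather than anything the user stack controls, which is presumably true for the syscall trap frame but is worth confirming against the syscall entry path, outside this hunk. Note that AC and RF, which ring 3 can toggle through POPF, are now pinned to the trap-frame value, a stricter-than-hardware choice that is safe but could surprise a handler that interrupted code inside an AC-enabled region. sigreturn continues past the end of the hunk.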