From c8cd198c4e3d76b305b65b3ac8bd2c76ad290774 Mon Sep 17 00:00:00 2001
From: Aiken Harris
Date: Mon, 8 Jun 2026 13:40:20 +0200
Subject: [PATCH] Fix Task Register restoration by clearing busy bit in TSS descriptor
---
 xtoskrnl/ke/amd64/proc.cc | 4 ++++
 xtoskrnl/ke/i686/proc.cc | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/xtoskrnl/ke/amd64/proc.cc b/xtoskrnl/ke/amd64/proc.cc
index 59da4a544..c5908d676 100644
--- a/xtoskrnl/ke/amd64/proc.cc
+++ b/xtoskrnl/ke/amd64/proc.cc
@@ -269,6 +269,10 @@ KE::Processor::RestoreProcessorControlState(IN PKPROCESSOR_STATE CpuState)
 AR::CpuFunctions::LoadGlobalDescriptorTable(&CpuState->SpecialRegisters.Gdtr.Limit);
 AR::CpuFunctions::LoadInterruptDescriptorTable(&CpuState->SpecialRegisters.Idtr.Limit);
 AR::CpuFunctions::LoadLocalDescriptorTable(CpuState->SpecialRegisters.Ldtr);
+
+ /* Force the TSS descriptor into a non-busy state and restore TaskRegister */
+ *(VOLATILE PUCHAR)((ULONG_PTR)CpuState->SpecialRegisters.Gdtr.Base + CpuState->SpecialRegisters.Tr + 5) &= ~0x02;
+ AR::CpuFunctions::LoadTaskRegister(CpuState->SpecialRegisters.Tr);
 }
 
 /**
diff --git a/xtoskrnl/ke/i686/proc.cc b/xtoskrnl/ke/i686/proc.cc
index d759a6855..068f93850 100644
--- a/xtoskrnl/ke/i686/proc.cc
+++ b/xtoskrnl/ke/i686/proc.cc
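Review bot: The descriptor offset on the new `&= ~0x02` line adds the raw `Tr` selector to `Gdtr.Base`, so any RPL bits (bits 0-1) or a set TI bit (bit 2) in the saved selector shift the write off the TSS descriptor's access byte and clear a bit in a neighbouring descriptor instead; mask the selector to its index first, `(CpuState->SpecialRegisters.Tr & ~0x7)`, and consider rejecting a selector whose index lies beyond `Gdtr.Limit` (or has TI set) before dereferencing, since nothing on this path bounds the write into the GDT. The identical expression is added in the i686 hunk of xtoskrnl/ke/i686/proc.cc and needs the same treatment; a small shared helper (clear busy bit, then LTR) would keep the two architectures in step. A why-comment would also help a later reader, e.g. `/* LTR raises #GP on a busy (type 0xB) TSS descriptor; clear bit 1 of the access byte so the saved selector can be reloaded */` — the motivation is implied by the subject line rather than visible in the hunk, so confirm it matches. RestoreProcessorControlState begins outside the hunk.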
@@ -253,10 +253,13 @@ KE::Processor::RestoreProcessorControlState(IN PKPROCESSOR_STATE CpuState)
 AR::CpuFunctions::WriteDebugRegister(6, CpuState->SpecialRegisters.KernelDr6);
 AR::CpuFunctions::WriteDebugRegister(7, CpuState->SpecialRegisters.KernelDr7);
 
- /* Restore GDT, IDT, LDT and TaskRegister */
+ /* Restore GDT, IDT and LDT */
 AR::CpuFunctions::LoadGlobalDescriptorTable(&CpuState->SpecialRegisters.Gdtr.Limit);
 AR::CpuFunctions::LoadInterruptDescriptorTable(&CpuState->SpecialRegisters.Idtr.Limit);
 AR::CpuFunctions::LoadLocalDescriptorTable(CpuState->SpecialRegisters.Ldtr);
+
+ /* Force the TSS descriptor into a non-busy state and restore TaskRegister */
+ *(VOLATILE PUCHAR)((ULONG_PTR)CpuState->SpecialRegisters.Gdtr.Base + CpuState->SpecialRegisters.Tr + 5) &= ~0x02;
 AR::CpuFunctions::LoadTaskRegister(CpuState->SpecialRegisters.Tr);
 }