A triple fault is a special kind of exception generated by the CPU when an exception occurs while the CPU is trying to invoke the double fault exception handler, which itself handles exceptions occurring while trying to invoke a regular exception handler.
x86 processors beginning with the 80286 will cause a shutdown cycle to occur when a triple fault is encountered. This typically causes the motherboard hardware to initiate a CPU reset which in turn causes the whole computer to reboot.
Contents |
Triple faults indicate a problem with the operating system kernel or device drivers. In modern operating systems, a triple fault is typically caused by a buffer overflow or underflow in a device driver which writes over the interrupt descriptor table. When the next interrupt happens, the processor cannot call either the needed interrupt handler or the double fault handler because the descriptors in the IDT are corrupted.
In QEMU, a triple fault produces a dump of the virtual machine in the console, with the instruction pointer set to the instruction that triggered the first exception.
The Intel 80286 processor was the first to introduce the now-ubiquitous protected mode. However, the 286 could not revert to the basic 8086-compatible "real mode" without resetting the processor. The documented method of doing this was to use a special function on the Intel 8042 keyboard controller, which would assert the RESET pin of the processor. However, intentionally triple-faulting the CPU was found to cause the transition to occur much faster and more cleanly, permitting multitasking operating systems to switch back and forth at high speed.[1]
Some operating system kernels, such as Linux, still use triple faults as a last effort in their rebooting process if an ACPI reboot fails. This is done by setting the IDTR register to 0 and then issuing an interrupt. Since the table now has length 0, all attempts to access it fail and the processor generates a triple fault.