Commit c49c759f authored by Nadav Amit, committed by Paolo Bonzini

KVM: x86: Emulator performs code segment checks on read access

When read access is performed using a readable code segment, the "conforming"
and "non-conforming" checks should not be done.  As a result, read using
non-conforming readable code segment fails.

This is according to Intel SDM 5.6.1 ("Accessing Data in Code Segments").

The fix is not to perform the "non-conforming" checks if the access is not a
fetch; the relevant checks are already done when loading the segment.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 0e8a0996
...@@ -703,8 +703,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, ...@@ -703,8 +703,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
if (size > *max_size) if (size > *max_size)
goto bad; goto bad;
cpl = ctxt->ops->cpl(ctxt); cpl = ctxt->ops->cpl(ctxt);
if (!(desc.type & 8)) { if (!fetch) {
/* data segment */ /* data segment or readable code segment */
if (cpl > desc.dpl) if (cpl > desc.dpl)
goto bad; goto bad;
} else if ((desc.type & 8) && !(desc.type & 4)) { } else if ((desc.type & 8) && !(desc.type & 4)) {
......
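
Review bot: In the new `if (!fetch)` branch, `if (cpl > desc.dpl) goto bad;` now runs for every non-fetch access, which includes reads through a conforming readable code segment (`desc.type & 4` set) as well as the non-conforming case the commit message describes. The message says the conforming and non-conforming checks should not be done on a read and that the relevant checks already happen when the segment is loaded, so it should say why the DPL comparison is kept here; if a conforming code segment with a DPL below CPL can be loaded, a read through it would still take the `bad` path. Either skip the comparison when `(desc.type & 8) && (desc.type & 4)`, or extend the comment to state that the check is intended for code segments too. A test that reads through a conforming readable code segment would settle which behaviour is wanted.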