author | Nadav Amit <namit@cs.technion.ac.il> | 2014-10-03 01:10:03 +0300 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2014-11-03 12:07:25 +0100 |
commit | c49c759f7a68b70d2fed019760a66843b3df39b8 (patch) | |
tree | 74cbdd262839df571ed9ef86b6603fb0f1e0cb68 /arch | |
parent | 0e8a09969afb56b6bcdfe159f90a5fa20f831e85 (diff) | |
KVM: x86: Emulator performs code segment checks on read access
When read access is performed using a readable code segment, the "conforming"
and "non-conforming" checks should not be done. As a result, read using
non-conforming readable code segment fails.
This is according to Intel SDM 5.6.1 ("Accessing Data in Code Segments").
The fix is not to perform the "non-conforming" checks if the access is not a
fetch; the relevant checks are already done when loading the segment.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/x86/kvm/emulate.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index bdd4197e31fa..cd2029bbab48 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -703,8 +703,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt, if (size > *max_size) goto bad; cpl = ctxt->ops->cpl(ctxt); - if (!(desc.type & 8)) { - /* data segment */ + if (!fetch) { + /* data segment or readable code segment */ if (cpl > desc.dpl) goto bad; } else if ((desc.type & 8) && !(desc.type & 4)) { |
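Review bot: in the new `if (!fetch)` branch, `cpl > desc.dpl` is now applied to every non-fetch access, so a read through a readable code segment is still rejected whenever CPL is numerically greater than DPL, conforming or not. The commit message says the conforming and non-conforming checks should not be done for reads and that the relevant checks already happen when the segment is loaded, so either restrict the DPL comparison to `!(desc.type & 8)` and skip it for code segments on reads, or extend the comment to say why the comparison is kept for them. Separately, `else if ((desc.type & 8) && !(desc.type & 4))` is now reached for any fetch rather than only for code descriptors, so the `desc.type & 8` test is no longer implied by the preceding condition; a fetch through a non-code descriptor falls past it to code not shown in this hunk, and a one-line comment on that case would help.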