author: Nadav Amit <[email protected]> 2014-10-03 01:10:03 +0300
committer: Paolo Bonzini <[email protected]> 2014-11-03 12:07:25 +0100
commit: c49c759f7a68b70d2fed019760a66843b3df39b8 (patch)
tree: 74cbdd262839df571ed9ef86b6603fb0f1e0cb68
parent: 0e8a09969afb56b6bcdfe159f90a5fa20f831e85 (diff)
KVM: x86: Emulator performs code segment checks on read access
When read access is performed using a readable code segment, the "conforming" and "non-conforming" checks should not be done. As a result, read using non-conforming readable code segment fails.

This is according to Intel SDM 5.6.1 ("Accessing Data in Code Segments").

The fix is not to perform the "non-conforming" checks if the access is not a fetch; the relevant checks are already done when loading the segment.

Signed-off-by: Nadav Amit <[email protected]>
Reviewed-by: Radim Krčmář <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
-rw-r--r-- arch/x86/kvm/emulate.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index bdd4197e31fa..cd2029bbab48 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -703,8 +703,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
if (size > *max_size)
goto bad;
cpl = ctxt->ops->cpl(ctxt);
- if (!(desc.type & 8)) {
- /* data segment */
+ if (!fetch) {
+ /* data segment or readable code segment */
if (cpl > desc.dpl)
goto bad;
} else if ((desc.type & 8) && !(desc.type & 4)) {
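Review bot: in the new "if (!fetch)" branch, "cpl > desc.dpl" is still enforced for every non-fetch access, so a read through a conforming readable code segment whose DPL is below the CPL still reaches "goto bad". The commit message says neither the conforming nor the non-conforming check should run on reads and that the relevant checks are already done when the segment is loaded; please confirm that keeping the DPL comparison for code segments is intended here, or restrict it to "!(desc.type & 8)" and let readable code segments through. Separately, the else arm is now only reached when fetch is set, so a one-line comment on why the "(desc.type & 8)" test on the following line is still needed would help the next reader.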