On 2012-12-20 15:57, Gleb Natapov wrote:
> According to Intel SDM Vol3 Section 5.5 "Privilege Levels" and 5.6
> "Privilege Level Checking When Accessing Data Segments" RPL checking is
> done during loading of a segment selector, not during data access. We
> already do checking during segment selector loading, so drop the check
> during data access. Checking RPL during data access triggers #GP if
> after transition from real mode to protected mode RPL bits in a segment
> selector are set.
> 
> Signed-off-by: Gleb Natapov <[email protected]>
> ---
>  arch/x86/kvm/emulate.c |    7 +------
>  1 file changed, 1 insertion(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> index c7547b3..a3d31e3 100644
> --- a/arch/x86/kvm/emulate.c
> +++ b/arch/x86/kvm/emulate.c
> @@ -665,7 +665,7 @@ static int __linearize(struct x86_emulate_ctxt *ctxt,
>       ulong la;
>       u32 lim;
>       u16 sel;
> -     unsigned cpl, rpl;
> +     unsigned cpl;
>  
>       la = seg_base(ctxt, addr.seg) + addr.ea;
>       switch (ctxt->mode) {
> @@ -699,11 +699,6 @@ static int __linearize(struct x86_emulate_ctxt *ctxt,
>                               goto bad;
>               }
>               cpl = ctxt->ops->cpl(ctxt);
> -             if (ctxt->mode == X86EMUL_MODE_REAL)
> -                     rpl = 0;
> -             else
> -                     rpl = sel & 3;
> -             cpl = max(cpl, rpl);
>               if (!(desc.type & 8)) {
>                       /* data segment */
>                       if (cpl > desc.dpl)
> 
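Review bot: with `cpl = max(cpl, rpl)` gone, the data-segment branch at `if (cpl > desc.dpl)` now compares the current privilege level alone, so the correctness of this path rests entirely on the RPL check performed when the selector is loaded, as the commit message states; a short comment above `/* data segment */` saying that RPL was already validated at selector load would stop a future reader from reintroducing the per-access check. The real-mode special case (`rpl = 0`) disappears with it, which is consistent with the described failure (selectors carrying RPL bits after a real-to-protected-mode transition), but since this check is part of the guest privilege boundary enforced by the emulator, the series would benefit from a regression test that loads a selector with non-zero RPL bits across that transition and confirms no spurious #GP is injected.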

I suppose this one is queued for 3.8 and stable already, right? We
happen to hit the case reliably while booting an older SUSE guest on an
AMD host.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html