i386: sysret and sysexit are privileged

Paolo Bonzini Tue, 20 Jun 2023 08:19:09 -0700

Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
 target/i386/tcg/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index 9aec7ec8288..c58f5f24ab3 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -5675,7 +5675,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
         /* For Intel SYSEXIT is valid on 64-bit */
         if (CODE64(s) && env->cpuid_vendor1 != CPUID_VENDOR_INTEL_1)
             goto illegal_op;
-        if (!PE(s)) {
+        if (!PE(s) || CPL(s) != 0) {
             gen_exception_gpf(s);
         } else {
             gen_helper_sysexit(cpu_env, tcg_constant_i32(dflag - 1));
@@ -5697,7 +5697,7 @@ static bool disas_insn(DisasContext *s, CPUState *cpu)
         gen_eob_worker(s, false, true);
         break;
     case 0x107: /* sysret */
-        if (!PE(s)) {
+        if (!PE(s) || CPL(s) != 0) {
             gen_exception_gpf(s);
         } else {
             gen_helper_sysret(cpu_env, tcg_constant_i32(dflag - 1));
-- 
2.40.1

[PATCH v2 07/10] target/i386: sysret and sysexit are privileged

Reply via email to