x86/hvm: fix segment validation

Also Coverity CID 1055180.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Tim Deegan <tim@xen.org>
Use _SEGMENT_* instead of plain numbers and adjust a comment.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 0094c62cb3ea41f893b672620e44d0082c1f57a9..d80c166ed6c956c62fc36dde43be88eda9b9152e 100644 (file)
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2280,7 +2280,7 @@ static int hvm_load_segment_selector(
             if ( !(desc.b & (1u<<11)) )
                 goto unmap_and_fail;
             /* Non-conforming segment: check DPL against RPL. */
-            if ( ((desc.b & (6u<<9)) != 6) && (dpl != rpl) )
+            if ( !(desc.b & _SEGMENT_EC) && (dpl != rpl) )
                 goto unmap_and_fail;
             break;
         case x86_seg_ss:
@@ -2299,8 +2299,13 @@ static int hvm_load_segment_selector(
             /* Readable code or data segment? */
             if ( (desc.b & (5u<<9)) == (4u<<9) )
                 goto unmap_and_fail;
-            /* Non-conforming segment: check DPL against RPL and CPL. */
-            if ( ((desc.b & (6u<<9)) != 6) && ((dpl < cpl) || (dpl < rpl)) )
+            /*
+             * Data or non-conforming code segment:
+             * check DPL against RPL and CPL.
+             */
+            if ( ((desc.b & (_SEGMENT_EC|_SEGMENT_CODE)) !=
+                  (_SEGMENT_EC|_SEGMENT_CODE))
+                 && ((dpl < cpl) || (dpl < rpl)) )
                 goto unmap_and_fail;
             break;
         }