From: Tim Deegan Date: Tue, 26 Nov 2013 08:54:21 +0000 (+0100) Subject: x86/hvm: fix segment validation X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5868 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=6ed4bfbabd487b41021caa7ed03cee1f00ecbabf;p=xen.git x86/hvm: fix segment validation Also Coverity CID 1055180. Reported-by: David Binderman Signed-off-by: Tim Deegan Use _SEGMENT_* instead of plain numbers and adjust a comment. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper
---
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 0094c62cb3..d80c166ed6 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2280,7 +2280,7 @@ static int hvm_load_segment_selector(
 if ( !(desc.b & (1u<<11)) )
 goto unmap_and_fail;
 /* Non-conforming segment: check DPL against RPL. */
- if ( ((desc.b & (6u<<9)) != 6) && (dpl != rpl) )
+ if ( !(desc.b & _SEGMENT_EC) && (dpl != rpl) )
 goto unmap_and_fail;
 break;
 case x86_seg_ss:
@@ -2299,8 +2299,13 @@ static int hvm_load_segment_selector(
 /* Readable code or data segment? */
 if ( (desc.b & (5u<<9)) == (4u<<9) )
 goto unmap_and_fail;
- /* Non-conforming segment: check DPL against RPL and CPL. */
- if ( ((desc.b & (6u<<9)) != 6) && ((dpl < cpl) || (dpl < rpl)) )
+ /*
+ * Data or non-conforming code segment:
+ * check DPL against RPL and CPL.
+ */
+ if ( ((desc.b & (_SEGMENT_EC|_SEGMENT_CODE)) !=
+ (_SEGMENT_EC|_SEGMENT_CODE))
+ && ((dpl < cpl) || (dpl < rpl)) )
 goto unmap_and_fail;
 break;
 }
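Review bot: In the x86_seg_cs hunk (@@ -2280), a conforming code segment now gets no DPL comparison at all in the visible lines, because the rewritten test `!(desc.b & _SEGMENT_EC) && (dpl != rpl)` constrains only the non-conforming case. The removed expression could never compare equal to 6, so it applied `dpl != rpl` to every code segment; the fix is correct for non-conforming segments but relaxes the conforming ones. Unless the conforming-segment privilege rule is enforced elsewhere in hvm_load_segment_selector (its body extends beyond this hunk), the check could become `if ( (desc.b & _SEGMENT_EC) ? (dpl > rpl) : (dpl != rpl) )`. Whether RPL or CPL is the right comparand depends on the callers, which are not visible here, so this needs confirming against them.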
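Review bot: The tests next to the changed lines still use plain shifted numbers, `(desc.b & (5u<<9)) == (4u<<9)` in the @@ -2299 hunk and `!(desc.b & (1u<<11))` in the @@ -2280 hunk, which is the style that let the mis-shifted `!= 6` comparison go unnoticed. The latter can be written `if ( !(desc.b & _SEGMENT_CODE) )`. The former would read better with a comment such as `/* bit 11 set, bit 9 clear: execute-only code segment */`, or with named constants if the descriptor header provides one for bit 9. Both lines are context in this diff, and the function continues outside the hunks.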