From: Keir Fraser
Date: Fri, 7 Aug 2009 08:54:43 +0000 (+0100)
Subject: x86_emulate: protmode_load_seg() cannot load system segments in long mode.
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~13507
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=26fd181703c557965d06739e1a0292cea7088ea9;p=xen.git
x86_emulate: protmode_load_seg() cannot load system segments in long mode.
Signed-off-by: Keir Fraser
---
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index de14199b1f..8fa5fd400b 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1037,8 +1037,17 @@ protmode_load_seg(
 goto raise_exn;
 }
- /* System segments must have the system flag (S) set. */
- if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) )
+ if ( !is_x86_user_segment(seg) )
+ {
+ /* System segments must have S flag == 0. */
+ if ( desc.b & (1u << 12) )
+ goto raise_exn;
+ /* We do not support 64-bit descriptor types. */
+ if ( in_longmode(ctxt, ops) )
+ return X86EMUL_UNHANDLEABLE;
+ }
+ /* User segments must have S flag == 1. */
+ else if ( !(desc.b & (1u << 12)) )
 goto raise_exn;
 dpl = (desc.b >> 13) & 3;
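Review bot: The long-mode bail-out at `if ( in_longmode(ctxt, ops) )` tests only truthiness, so if `in_longmode()` can return a negative error value (its definition is outside this hunk) that case is silently folded into `X86EMUL_UNHANDLEABLE`. That is the fail-closed outcome you want for a guest-controlled descriptor, but it should be stated rather than implied; I would extend the comment to something like `/* Long mode LDT/TSS descriptors are 16 bytes and are not parsed here; an in_longmode() error also lands here. */`. The S-flag test `desc.b & (1u << 12)` now appears twice, and a named constant for bit 12 would keep the two branches from drifting apart. protmode_load_seg() begins and ends outside the hunk, so whether the descriptor type field is validated for system segments outside long mode cannot be confirmed from here.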