From 26fd181703c557965d06739e1a0292cea7088ea9 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Fri, 7 Aug 2009 09:54:43 +0100
Subject: [PATCH] x86_emulate: protmode_load_seg() cannot load system segments in long mode.
Signed-off-by: Keir Fraser
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index de14199b1f..8fa5fd400b 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -1037,8 +1037,17 @@ protmode_load_seg(
 goto raise_exn;
 }
- /* System segments must have the system flag (S) set. */
- if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) )
+ if ( !is_x86_user_segment(seg) )
+ {
+ /* System segments must have S flag == 0. */
+ if ( desc.b & (1u << 12) )
+ goto raise_exn;
+ /* We do not support 64-bit descriptor types. */
+ if ( in_longmode(ctxt, ops) )
+ return X86EMUL_UNHANDLEABLE;
+ }
+ /* User segments must have S flag == 1. */
+ else if ( !(desc.b & (1u << 12)) )
 goto raise_exn;
 dpl = (desc.b >> 13) & 3;
-- 
2.30.2
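Review bot: The new `return X86EMUL_UNHANDLEABLE;` for system segments in long mode is taken before the DPL and later descriptor checks that begin at `dpl = (desc.b >> 13) & 3;`. A guest-supplied system descriptor with S == 0 therefore always ends in the unhandleable path in long mode, never in an architectural fault. It is worth confirming that every caller of protmode_load_seg() propagates this return value as a clean failure, with no segment state committed beforehand; the callers are not visible in this hunk. The comment would help the next reader more if it gave the reason, e.g. `/* Long-mode system descriptors are 16 bytes; only the legacy 8-byte form is handled here. */`, assuming `desc` holds just the 8-byte form, which the hunk does not show. The S-flag mask `1u << 12` now appears twice and would read better as a named constant; protmode_load_seg() starts and ends outside the hunk.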