kvm: x86: Fix DPL write back of segment registers

Message ID	4D18A92C.5000303@web.de
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Message-ID: <4D18A92C.5000303@web.de> Date: Mon, 27 Dec 2010 15:56:44 +0100 From: Jan Kiszka <jan.kiszka@web.de> User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: Avi Kivity <avi@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigC334BFBE41425A03EAF75C54" Cc: qemu-devel <qemu-devel@nongnu.org>, kvm <kvm@vger.kernel.org> Subject: [Qemu-devel] [PATCH] kvm: x86: Fix DPL write back of segment registers Precedence: list Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

4D18A92C.5000303@web.de

State

New

Headers

Message-ID: <4D18A92C.5000303@web.de>
Date: Mon, 27 Dec 2010 15:56:44 +0100
From: Jan Kiszka <jan.kiszka@web.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de;
	rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12
	Mnenhy/0.7.5.666
MIME-Version: 1.0
To: Avi Kivity <avi@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enigC334BFBE41425A03EAF75C54"
Cc: qemu-devel <qemu-devel@nongnu.org>, kvm <kvm@vger.kernel.org>
Subject: [Qemu-devel] [PATCH] kvm: x86: Fix DPL write back of segment
	registers
Precedence: list
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Jan Kiszka Dec. 27, 2010, 2:56 p.m. UTC

From: Jan Kiszka <jan.kiszka@siemens.com>

The DPL is stored in the flags and not in the selector. In fact, the RPL
may differ from the DPL at some point in time, and so we were corrupting
the guest state so far.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 target-i386/kvm.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Avi Kivity Dec. 27, 2010, 3:36 p.m. UTC | #1

On 12/27/2010 04:56 PM, Jan Kiszka wrote:
> From: Jan Kiszka<jan.kiszka@siemens.com>
>
> The DPL is stored in the flags and not in the selector. In fact, the RPL
> may differ from the DPL at some point in time, and so we were corrupting
> the guest state so far.
>

Applied to uq/master; thanks.

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 218812a..b3d7c54 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -602,7 +602,7 @@  static void set_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
     lhs->limit = rhs->limit;
     lhs->type = (flags >> DESC_TYPE_SHIFT) & 15;
     lhs->present = (flags & DESC_P_MASK) != 0;
-    lhs->dpl = rhs->selector & 3;
+    lhs->dpl = (flags >> DESC_DPL_SHIFT) & 3;
     lhs->db = (flags >> DESC_B_SHIFT) & 1;
     lhs->s = (flags & DESC_S_MASK) != 0;
     lhs->l = (flags >> DESC_L_SHIFT) & 1;

kvm: x86: Fix DPL write back of segment registers

Commit Message

Comments

Patch