kvm: x86: Fix DPL write back of segment registers

Submitted by Jan Kiszka on Dec. 27, 2010, 2:56 p.m.

Details

Message ID 4D18A92C.5000303@web.de
State New
Headers show

Commit Message

Jan Kiszka Dec. 27, 2010, 2:56 p.m.
From: Jan Kiszka <jan.kiszka@siemens.com>

The DPL is stored in the flags and not in the selector. In fact, the RPL
may differ from the DPL at some point in time, and so we were corrupting
the guest state so far.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 target-i386/kvm.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Avi Kivity Dec. 27, 2010, 3:36 p.m.
On 12/27/2010 04:56 PM, Jan Kiszka wrote:
> From: Jan Kiszka<jan.kiszka@siemens.com>
>
> The DPL is stored in the flags and not in the selector. In fact, the RPL
> may differ from the DPL at some point in time, and so we were corrupting
> the guest state so far.
>

Applied to uq/master; thanks.

Patch hide | download patch | download mbox

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 218812a..b3d7c54 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -602,7 +602,7 @@  static void set_seg(struct kvm_segment *lhs, const SegmentCache *rhs)
     lhs->limit = rhs->limit;
     lhs->type = (flags >> DESC_TYPE_SHIFT) & 15;
     lhs->present = (flags & DESC_P_MASK) != 0;
-    lhs->dpl = rhs->selector & 3;
+    lhs->dpl = (flags >> DESC_DPL_SHIFT) & 3;
     lhs->db = (flags >> DESC_B_SHIFT) & 1;
     lhs->s = (flags & DESC_S_MASK) != 0;
     lhs->l = (flags >> DESC_L_SHIFT) & 1;