KVM: x86: Emulator performs code segment checks on read access
author Nadav Amit <[email protected]>
Thu, 2 Oct 2014 22:10:03 +0000 (01:10 +0300)
committer Paolo Bonzini <[email protected]>
Mon, 3 Nov 2014 11:07:25 +0000 (12:07 +0100)
When read access is performed using a readable code segment, the "conforming"
and "non-conforming" checks should not be done.  As a result, read using
non-conforming readable code segment fails.

This is according to Intel SDM 5.6.1 ("Accessing Data in Code Segments").

The fix is not to perform the "non-conforming" checks if the access is not a
fetch; the relevant checks are already done when loading the segment.

Signed-off-by: Nadav Amit <[email protected]>
Reviewed-by: Radim Krčmář <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
arch/x86/kvm/emulate.c

index bdd4197e31faa8640c1ad16491085cec5e5adc98..cd2029bbab485d7e306b8680283139759ee4f501 100644 (file)
@@ -703,8 +703,8 @@ static __always_inline int __linearize(struct x86_emulate_ctxt *ctxt,
                if (size > *max_size)
                        goto bad;
                cpl = ctxt->ops->cpl(ctxt);
-               if (!(desc.type & 8)) {
-                       /* data segment */
+               if (!fetch) {
+                       /* data segment or readable code segment */
                        if (cpl > desc.dpl)
                                goto bad;
                } else if ((desc.type & 8) && !(desc.type & 4)) {
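Review bot: In the new `if (!fetch)` branch, the `cpl > desc.dpl` test now also runs for reads through a conforming readable code segment, which the old `!(desc.type & 8)` condition let skip the data-segment test. A conforming code segment can have a DPL numerically lower than the CPL, so a read through it would now take `goto bad`, even though the commit message says the conforming checks should not be done on a read. Suggest excluding conforming code segments from the DPL test (code segments with `desc.type & 4` set), or extending the comment to say why the data-segment rule is correct for them. The `(desc.type & 8)` term in the following `else if` is now reached only when `fetch` is set rather than by segment type, so a short comment stating that a fetch is assumed to go through a code segment would make the remaining branches easier to audit.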