KVM: emulator: drop RPL check from linearize() function

According to Intel SDM Vol3 Section 5.5 "Privilege Levels" and 5.6
"Privilege Level Checking When Accessing Data Segments" RPL checking is
done during loading of a segment selector, not during data access. We
already do checking during segment selector loading, so drop the check
during data access. Checking RPL during data access triggers #GP if
after transition from real mode to protected mode RPL bits in a segment
selector are set.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index c7547b3..a3d31e3 100644 (file)
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -665,7 +665,7 @@ static int __linearize(struct x86_emulate_ctxt *ctxt,
        ulong la;
        u32 lim;
        u16 sel;
-       unsigned cpl, rpl;
+       unsigned cpl;
 
        la = seg_base(ctxt, addr.seg) + addr.ea;
        switch (ctxt->mode) {
@@ -699,11 +699,6 @@ static int __linearize(struct x86_emulate_ctxt *ctxt,
                                goto bad;
                }
                cpl = ctxt->ops->cpl(ctxt);
-               if (ctxt->mode == X86EMUL_MODE_REAL)
-                       rpl = 0;
-               else
-                       rpl = sel & 3;
-               cpl = max(cpl, rpl);
                if (!(desc.type & 8)) {
                        /* data segment */
                        if (cpl > desc.dpl)