From nobody Sat May 18 19:12:47 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1603361813; cv=none;
	d=zohomail.com; s=zohoarc;
	b=OnGsfAAZFUNqPdYolp8DHL0vxp19bDcVgnmWCT67oX9TYw4FSbYBfp4tAIOnVqLPvBbZN6KA+P6J6XfiRnotNOQwmOAMy7EX76bjaO2cZ2+TKvoO9Rs6ORvPMD78Flwn3eiJ9kR0C+X3+2okYwM30JFTq+fXR2u89hmUV4D3+4A=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1603361813;
 h=Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:Sender:Subject:To;
	bh=/mU1ILRS8rfSLtKIKKtvN0NpPwtch42REJWHZodQfho=;
	b=fJa7dkCpcrX6km7aOni2MdScDMBgEWGjZqFYZS6DEW01c8mKh4o48+UPLtO3SVn7dFX+UhYJIycAQxI4X2RCuhEUT+N2S9R77oZEh0zDsxaw78vvTa+lyecXVilyF0HWTBKXRLbvEKG/5W2LyVf8j0DUXCM7iu3YGZMKyg4s9ns=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<bmeng.cn@gmail.com> (p=none dis=none)
 header.from=<bmeng.cn@gmail.com>
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 160336181386410.715784048904084;
 Thu, 22 Oct 2020 03:16:53 -0700 (PDT)
Received: from localhost ([::1]:39510 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1kVXeO-0000eg-QS
	for importer@patchew.org; Thu, 22 Oct 2020 06:16:52 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47472)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bmeng.cn@gmail.com>)
 id 1kVXdn-0000EZ-Hp
 for qemu-devel@nongnu.org; Thu, 22 Oct 2020 06:16:15 -0400
Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]:40726)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <bmeng.cn@gmail.com>)
 id 1kVXdl-0004hS-Th
 for qemu-devel@nongnu.org; Thu, 22 Oct 2020 06:16:15 -0400
Received: by mail-pj1-x1043.google.com with SMTP id l2so729391pjt.5
 for <qemu-devel@nongnu.org>; Thu, 22 Oct 2020 03:16:13 -0700 (PDT)
Received: from pek-vx-bsp2.wrs.com (unknown-224-80.windriver.com.
 [147.11.224.80])
 by smtp.gmail.com with ESMTPSA id c13sm1639349pfo.35.2020.10.22.03.16.09
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 22 Oct 2020 03:16:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id;
 bh=/mU1ILRS8rfSLtKIKKtvN0NpPwtch42REJWHZodQfho=;
 b=r2UnRY9/+GaMysxcN4EuHBf/zm72f5DLKYFWiD5FBVLbgJ7VJ/fxgoJwAWhXIia8NE
 0toNJWhay8NjYHVj+Xsm+B7wI2BAYfBE14JhZCawuNtkS1tzQJC/5V/dF64DilIVrFoB
 su1AJIRT6bSHWzanVzbS/yl9PgOnl9Bf4tGMrYBE+6/aD5nKeZg+Kf45YUeXcDcVp6Bd
 O9gDa3/8pTNy+zwJoXEZkRI+RhBZkOqC0TQ7GWWKVm4L5/n7FTDU997itvvnR6I3Ltlm
 aAaCDhmMsJ6ggpUb3Knqj2foX/rg4OpLkD1suotp0AlStTfLpCENPJKhCmIoU4gpCAjK
 Eo8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=/mU1ILRS8rfSLtKIKKtvN0NpPwtch42REJWHZodQfho=;
 b=EcpLiNZ5cD4ZgbS6pd74gDTURvfwHsl1f7UuVCd3G1ZkTGrLsttTz/YibeQHSbLbxK
 osSXuZ2rtgEh6CiWflxQqDwmmFXw4SfdBJdbqtAlh+6M3zVgcBQS0FJPRWn91A+vsBSQ
 cQyzhsrBKQgP8eXsgoCKQxRS7OpdVtTAmdLkbSK3Hylj3dDjs6kvIFXZbws+fh0c98ci
 jN+HuTVUjpmojbeof0BC4SkaiRia8fMBmmY1yHJZDTdeibiLHwLp7PTX9WYC+fUYYEtW
 Nlv4xu5MGx/8p88GWcoaJloWJYJZ3/AJsWEQ6mrFWtO0mmPYwxujU4tLEMtopfKoKwRO
 Q5uQ==
X-Gm-Message-State: AOAM533BMXksKjwvlfkdgsEBGKH4Az3vwB1CEAiK+9LDXKzAL6DREZ1Q
 yM/X48HHvyxgJzosq7hzIvU=
X-Google-Smtp-Source: 
 ABdhPJzUpYcG6i+DjmJz7wQeD8QddB83x9az/VEUONMEwVDQX8oexnXj9/Yxft5kFewDVDc6uzI0Lw==
X-Received: by 2002:a17:90a:e147:: with SMTP id
 ez7mr1754836pjb.72.1603361772252;
 Thu, 22 Oct 2020 03:16:12 -0700 (PDT)
From: Bin Meng <bmeng.cn@gmail.com>
To: Eduardo Habkost <ehabkost@redhat.com>,
 Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <rth@twiddle.net>, qemu-devel@nongnu.org
Subject: [PATCH] target/i386: seg_helper: Correct segement selector
 nullification in the RET/IRET helper
Date: Thu, 22 Oct 2020 18:16:02 +0800
Message-Id: <1603361762-43062-1-git-send-email-bmeng.cn@gmail.com>
X-Mailer: git-send-email 2.7.4
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=2607:f8b0:4864:20::1043;
 envelope-from=bmeng.cn@gmail.com; helo=mail-pj1-x1043.google.com
X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache.
 That's all we know.
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Bin Meng <bin.meng@windriver.com>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: pass (identity @gmail.com)
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

From: Bin Meng <bin.meng@windriver.com>

Per the SDM, when returning to outer privilege level, for segment
registers (ES, FS, GS, and DS) if the check fails, the segment
selector becomes null, but QEMU clears the base/limit/flags as well
as nullifying the segment selector, which should be a spec violation.

Real hardware seems to be compliant with the spec, at least on one
Coffee Lake board I tested.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
---

 target/i386/seg_helper.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/i386/seg_helper.c b/target/i386/seg_helper.c
index be88938..d8766d8 100644
--- a/target/i386/seg_helper.c
+++ b/target/i386/seg_helper.c
@@ -2108,7 +2108,10 @@ static inline void validate_seg(CPUX86State *env, in=
t seg_reg, int cpl)
     if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) {
         /* data or non conforming code segment */
         if (dpl < cpl) {
-            cpu_x86_load_seg_cache(env, seg_reg, 0, 0, 0, 0);
+            cpu_x86_load_seg_cache(env, seg_reg, 0,
+                                   env->segs[seg_reg].base,
+                                   env->segs[seg_reg].limit,
+                                   env->segs[seg_reg].flags);
         }
     }
 }
--=20
2.7.4