Commit 89984cd2e5e70e23b63109988c1156c76a31121d
1 parent
ee097184
segment validation fix in lret/iret
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1684 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
5 additions
and
5 deletions
target-i386/helper.c
| ... | ... | @@ -1584,7 +1584,7 @@ void load_seg(int seg_reg, int selector) |
| 1584 | 1584 | |
| 1585 | 1585 | if (!(e2 & DESC_CS_MASK) || !(e2 & DESC_C_MASK)) { |
| 1586 | 1586 | /* if not conforming code, test rights */ |
| 1587 | - if (dpl < cpl || dpl < rpl) | |
| 1587 | + if (dpl < cpl || dpl < rpl) | |
| 1588 | 1588 | raise_exception_err(EXCP0D_GPF, selector & 0xfffc); |
| 1589 | 1589 | } |
| 1590 | 1590 | } |
| ... | ... | @@ -2152,10 +2152,10 @@ static inline void helper_ret_protected(int shift, int is_iret, int addend) |
| 2152 | 2152 | sp_mask = get_sp_mask(ss_e2); |
| 2153 | 2153 | |
| 2154 | 2154 | /* validate data segments */ |
| 2155 | - validate_seg(R_ES, cpl); | |
| 2156 | - validate_seg(R_DS, cpl); | |
| 2157 | - validate_seg(R_FS, cpl); | |
| 2158 | - validate_seg(R_GS, cpl); | |
| 2155 | + validate_seg(R_ES, rpl); | |
| 2156 | + validate_seg(R_DS, rpl); | |
| 2157 | + validate_seg(R_FS, rpl); | |
| 2158 | + validate_seg(R_GS, rpl); | |
| 2159 | 2159 | |
| 2160 | 2160 | sp += addend; |
| 2161 | 2161 | } | ... | ... |