From a615c2df92d6b5e5a18495f49813505347f93df9 Mon Sep 17 00:00:00 2001
From: Avi Kivity <avi@redhat.com>
Date: Thu, 7 Jun 2012 17:03:42 +0300
Subject: [PATCH] --- yaml --- r: 315874 b: refs/heads/master c:
 79d5b4c3cd809c770d4bf9812635647016c56011 h: refs/heads/master v: v3

---
 [refs]                       |  2 +-
 trunk/arch/x86/kvm/emulate.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/[refs] b/[refs]
index 4cdad890efa2..a5785e0d6b4a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 6d6eede4a0492c7478d44d7c8fae80c3bcf529d9
+refs/heads/master: 79d5b4c3cd809c770d4bf9812635647016c56011
diff --git a/trunk/arch/x86/kvm/emulate.c b/trunk/arch/x86/kvm/emulate.c
index db95a55d5936..fe4340f62137 100644
--- a/trunk/arch/x86/kvm/emulate.c
+++ b/trunk/arch/x86/kvm/emulate.c
@@ -1324,8 +1324,14 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
 		goto load;
 	}
 
-	/* NULL selector is not valid for TR, CS and SS */
-	if ((seg == VCPU_SREG_CS || seg == VCPU_SREG_SS || seg == VCPU_SREG_TR)
+	rpl = selector & 3;
+	cpl = ctxt->ops->cpl(ctxt);
+
+	/* NULL selector is not valid for TR, CS and SS (except for long mode) */
+	if ((seg == VCPU_SREG_CS
+	     || (seg == VCPU_SREG_SS
+		 && (ctxt->mode != X86EMUL_MODE_PROT64 || rpl != cpl))
+	     || seg == VCPU_SREG_TR)
 	    && null_selector)
 		goto exception;
 
@@ -1352,9 +1358,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
 		goto exception;
 	}
 
-	rpl = selector & 3;
 	dpl = seg_desc.dpl;
-	cpl = ctxt->ops->cpl(ctxt);
 
 	switch (seg) {
 	case VCPU_SREG_SS: