x86/emul: Correct the behaviour of pop %ss and interrupt shadowing

The mov_ss retire flag should only be set once load_seg() has returned
success.  In particular, it should not be set if an exception occured when
trying to load %ss.

_hvm_emulate_one(), currently the sole user of mov_ss, only consideres it in
the case that x86_emulate() returns X86EMUL_OKAY, so this bug isn't actually
exposed to guests.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 2ead6dbb466853bc51c970a1660511bee12be18b..bfcc05dff3ed8a2223536c7bb20a8b05ee8eaa58 100644 (file)
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2656,6 +2656,8 @@ x86_emulate(
                               &dst.val, op_bytes, ctxt, ops)) != 0 ||
              (rc = load_seg(src.val, dst.val, 0, NULL, ctxt, ops)) != 0 )
             goto done;
+        if ( src.val == x86_seg_ss )
+            ctxt->retire.mov_ss = true;
         break;
 
     case 0x0e: /* push %%cs */
@@ -2668,7 +2670,6 @@ x86_emulate(
 
     case 0x17: /* pop %%ss */
         src.val = x86_seg_ss;
-        ctxt->retire.mov_ss = true;
         goto pop_seg;
 
     case 0x1e: /* push %%ds */