File 54216882-x86-emulate-check-cpl-for-all-privileged-instructions.patch of Package xen.196

References: bnc#895799 CVE-2014-7155 XSA-105

# Commit 0e442727ceccfa32a7276cccd205b4722e68fdc1
# Date 2014-09-23 14:33:06 +0200
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/emulate: check cpl for all privileged instructions

Without this, it is possible for userspace to load its own IDT or GDT.

This is XSA-105.

Reported-by: Andrei LUTAS <vlutas@bitdefender.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Andrei LUTAS <vlutas@bitdefender.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -3314,6 +3314,7 @@ x86_emulate(
         goto swint;
 
     case 0xf4: /* hlt */
+        generate_exception_if(!mode_ring0(), EXC_GP, 0);
         ctxt->retire.flags.hlt = 1;
         break;
 
@@ -3710,6 +3711,7 @@ x86_emulate(
             break;
         case 2: /* lgdt */
         case 3: /* lidt */
+            generate_exception_if(!mode_ring0(), EXC_GP, 0);
             generate_exception_if(ea.type != OP_MEM, EXC_UD, -1);
             fail_if(ops->write_segment == NULL);
             memset(&reg, 0, sizeof(reg));
@@ -3738,6 +3740,7 @@ x86_emulate(
         case 6: /* lmsw */
             fail_if(ops->read_cr == NULL);
             fail_if(ops->write_cr == NULL);
+            generate_exception_if(!mode_ring0(), EXC_GP, 0);
             if ( (rc = ops->read_cr(0, &cr0, ctxt)) )
                 goto done;
             if ( ea.type == OP_REG )