From 96e99e3a720d7a527dc365b90d8a2087c41390ce Mon Sep 17 00:00:00 2001
From: Yin Fengwei <fengwei.yin@intel.com>
Date: Tue, 7 Aug 2018 16:25:13 +0800
Subject: [PATCH] hv: use more reliable method to get guest DPL.

The DPL from SS access right field is always correct according
to SDM. We use it instead of using CS selector.

Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
---
 hypervisor/arch/x86/guest/guest.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hypervisor/arch/x86/guest/guest.c b/hypervisor/arch/x86/guest/guest.c
index ef837dbad..d7a590908 100644
--- a/hypervisor/arch/x86/guest/guest.c
+++ b/hypervisor/arch/x86/guest/guest.c
@@ -284,7 +284,16 @@ int gva2gpa(struct vcpu *vcpu, uint64_t gva, uint64_t *gpa,
 	pw_info.level = pm;
 	pw_info.is_write_access = ((*err_code & PAGE_FAULT_WR_FLAG) != 0U);
 	pw_info.is_inst_fetch = ((*err_code & PAGE_FAULT_ID_FLAG) != 0U);
-	pw_info.is_user_mode = ((exec_vmread16(VMX_GUEST_CS_SEL) & 0x3U) == 3U);
+
+	/* SDM vol3 27.3.2
+	 * If the segment register was unusable, the base, select and some
+	 * bits of access rights are undefined. With the exception of
+	 * DPL of SS
+	 * and others.
+	 * So we use DPL of SS access rights field for guest DPL.
+	 */
+	pw_info.is_user_mode =
+		(((exec_vmread32(VMX_GUEST_SS_ATTR)>>5) & 0x3U) == 3U);
 	pw_info.pse = true;
 	pw_info.nxe = ((vcpu_get_efer(vcpu) & MSR_IA32_EFER_NXE_BIT) != 0UL);
 	pw_info.wp = ((vcpu_get_cr0(vcpu) & CR0_WP) != 0UL);