When loading code segment descriptor in iret instruction emulation, the checks are same as far return instruction emulation, so transfer type should be X86_TRANSFER_RET in __load_segment_descriptor(). Although, only iret in real mode is implemented now, and no checks are actually needed for real mode, it would still be better to mark transfer type as X86_TRANSFER_RET. No functional change intended. Signed-off-by: Hou Wenlong <houwenlong.hwl@xxxxxxxxxxxx> --- arch/x86/kvm/emulate.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 3b27622d4642..5052eb480068 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -2100,6 +2100,7 @@ static int emulate_iret_real(struct x86_emulate_ctxt *ctxt) X86_EFLAGS_FIXED; unsigned long vm86_mask = X86_EFLAGS_VM | X86_EFLAGS_VIF | X86_EFLAGS_VIP; + u8 cpl = ctxt->ops->cpl(ctxt); /* TODO: Add stack limit check */ @@ -2121,7 +2122,8 @@ static int emulate_iret_real(struct x86_emulate_ctxt *ctxt) if (rc != X86EMUL_CONTINUE) return rc; - rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS); + rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, cpl, + X86_TRANSFER_RET, NULL); if (rc != X86EMUL_CONTINUE) return rc; -- 2.31.1
