KVM: x86: Emulate should check #UD before #GP

Intel SDM table 6-2 ("Priority Among Simultaneous Exceptions and Interrupts")
shows that faults from decoding the next instruction got higher priority than
general protection.  Moving the protected-mode check before the CPL check to
avoid wrong exception on vm86 mode.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

1 files changed, 6 insertions, 6 deletions

diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index c1e71873e0c7..a8fcec6b7063 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -4801,6 +4801,12 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt)
                                 goto done;
                 }
 
+                /* Instruction can only be executed in protected mode */
+                if ((ctxt->d & Prot) && ctxt->mode < X86EMUL_MODE_PROT16) {
+                        rc = emulate_ud(ctxt);
+                        goto done;
+                }
+
                 /* Privileged instruction can be executed only in CPL=0 */
                 if ((ctxt->d & Priv) && ops->cpl(ctxt)) {
                         if (ctxt->d & PrivUD)
@@ -4810,12 +4816,6 @@ int x86_emulate_insn(struct x86_emulate_ctxt *ctxt)
                         goto done;
                 }
 
-                /* Instruction can only be executed in protected mode */
-                if ((ctxt->d & Prot) && ctxt->mode < X86EMUL_MODE_PROT16) {
-                        rc = emulate_ud(ctxt);
-                        goto done;
-                }
-
                 /* Do instruction specific permission checks */
                 if (ctxt->d & CheckPerm) {
                         rc = ctxt->check_perm(ctxt);