Advisory: XSA-191

Before XSA-191, Xen had several bugs with its handling of segments which shouldn't be eligible for use. Memory accesses through user segments and loads from the LDT both assumed that the segment was valid for use.

The behaviour of loading NULL segments (to invalidate a segment selector) is undocumented, and different across vendors. Experimentally,

On AMD, the base and limit fields are left stale, and the attributes are zeroed.
On Intel, the base is zeroed, the limit is set to maximum, and the attributes are set to a constant value.

This test sets up two scenarios which should fail with a #GP fault, and checks whether a fault is observed.

See also: tests/xsa-191/main.c