Subject: sigreturn()
To: None <brezak@apollo.hp.com, port-i386@sun-lamp.cs.berkeley.edu>
From: None <mycroft@gnu.ai.mit.edu>
List: port-i386
Date: 01/11/1994 15:53:57
Some things to consider:

* It's important to note that a null selector need only have an index of
0; the privilege level can be anything.  But also note that only the GDT
has a null entry.  Since we only allow selectors in the LDT, it does not
matter whether or not the index is 0.

* I am truly baffled why if ISPL(sel) == SEL_UPL you decided not to check
that the selector is within the bounds of the LDT.  It's also not clear
to me whether or not we even need to check the RPL; I think we are not
relying on it for protection.  But it's safest to leave that in.

I believe a more appropriate check would be:

/* Number of entries in the LDT this process actually sees: its private
 * LDT if it has one, otherwise the system default LDT. */
#define max_ldt_sel(pcb) \
        ((pcb)->pcb_ldt ? (pcb)->pcb_ldt_len : (sizeof(ldt) / sizeof(ldt[0])))

/* A selector is acceptable only if it refers to the LDT, carries RPL 3,
 * and its index falls inside that LDT.  Uses `p' from the enclosing
 * sigreturn(). */
#define valid_ldt_sel(sel) \
        (ISLDT(sel) && ISPL(sel) == SEL_UPL && \
         IDXSEL(sel) < max_ldt_sel(&p->p_addr->u_pcb))

        /* `!=' binds tighter than `&', so the 0xffff masks need their own
         * parentheses; the original text listed sc_ds twice, sc_es is
         * assumed to be the intended fourth register. */
        if (((scp->sc_cs & 0xffff) != _ucodesel && !valid_ldt_sel(scp->sc_cs)) ||
            ((scp->sc_ss & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_ss)) ||
            ((scp->sc_ds & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_ds)) ||
            ((scp->sc_es & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_es))) {
                trapsignal(p, SIGBUS, T_PROTFLT);
                return(EINVAL);
        }


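The selector check discussed above, as an added stand-alone C example (not code from the mail or from the kernel it discusses). It reconstructs ISLDT/ISPL/IDXSEL from the IA-32 selector encoding, stands in constructed values for the kernel's pcb, default LDT and _ucodesel/_udatasel slots (the slot numbers are assumptions), and places the intended check beside the expression exactly as the mail's "sel&0xffff != x" parses, so the effect of the missing parentheses can be observed on a kernel-ring selector.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IA-32 selector encoding: bits 0-1 RPL, bit 2 table indicator
 * (0 = GDT, 1 = LDT), bits 3-15 index into that table. */
#define SEL_KPL       0
#define SEL_UPL       3
#define ISPL(sel)     ((sel) & 3)
#define ISLDT(sel)    (((sel) & 4) != 0)
#define IDXSEL(sel)   (((sel) >> 3) & 0x1fff)
#define LSEL(idx, pl) ((uint16_t)(((idx) << 3) | 4 | (pl)))
#define GSEL(idx, pl) ((uint16_t)(((idx) << 3) | (pl)))

/* Constructed stand-ins for the kernel state the mail refers to: the
 * default LDT length and a pcb that may carry a private LDT. */
#define DEFAULT_LDT_LEN 8u
struct pcb {
    int    pcb_ldt;      /* non-zero: process has its own LDT */
    size_t pcb_ldt_len;  /* number of entries in that LDT */
};
struct sigcontext { uint32_t sc_cs, sc_ss, sc_ds, sc_es; };

/* Assumed slot numbers for the standard user code/data selectors. */
static const uint16_t ucodesel = LSEL(1, SEL_UPL);  /* 0x0f */
static const uint16_t udatasel = LSEL(2, SEL_UPL);  /* 0x17 */

static size_t max_ldt_sel(const struct pcb *pcb)
{
    return pcb->pcb_ldt ? pcb->pcb_ldt_len : DEFAULT_LDT_LEN;
}

/* The check proposed in the mail: LDT, ring-3 RPL, index inside the LDT. */
static bool valid_ldt_sel(uint16_t sel, const struct pcb *pcb)
{
    return ISLDT(sel) && ISPL(sel) == SEL_UPL && IDXSEL(sel) < max_ldt_sel(pcb);
}

/* Intended meaning: the low 16 bits are either the standard user selector
 * or a valid LDT selector for this process. */
static bool sel_ok(uint32_t raw, uint16_t standard, const struct pcb *pcb)
{
    uint16_t sel = raw & 0xffff;
    return sel == standard || valid_ldt_sel(sel, pcb);
}

/* The mail's expression "raw&0xffff != standard", parenthesised the way
 * C actually parses it: `!=' binds tighter than `&', so the mask becomes
 * raw & (0xffff != standard), i.e. raw & 1, and any even selector skips
 * the LDT check entirely. */
static bool sel_ok_as_parsed(uint32_t raw, uint16_t standard, const struct pcb *pcb)
{
    return !((raw & (0xffff != standard)) && !valid_ldt_sel(raw & 0xffff, pcb));
}

/* What sigreturn() should do: accept the context only if every segment
 * register it will restore passes. */
bool sigreturn_selectors_ok(const struct sigcontext *scp, const struct pcb *pcb)
{
    return sel_ok(scp->sc_cs, ucodesel, pcb) &&
           sel_ok(scp->sc_ss, udatasel, pcb) &&
           sel_ok(scp->sc_ds, udatasel, pcb) &&
           sel_ok(scp->sc_es, udatasel, pcb);
}

int main(void)
{
    struct pcb dflt = { 0, 0 };            /* process using the default LDT */
    struct pcb priv = { 1, 4 };            /* process with a 4-entry private LDT */
    uint16_t kcode = GSEL(1, SEL_KPL);     /* a ring-0 GDT selector, 0x08 */

    printf("LDT slot 5, default LDT:  %d\n", valid_ldt_sel(LSEL(5, SEL_UPL), &dflt));
    printf("LDT slot 5, 4-entry LDT:  %d\n", valid_ldt_sel(LSEL(5, SEL_UPL), &priv));
    printf("ring-0 GDT sel, intended: %d\n", sel_ok(kcode, ucodesel, &dflt));
    printf("ring-0 GDT sel, as typed: %d\n", sel_ok_as_parsed(kcode, ucodesel, &dflt));
    return 0;
}
```

Running it shows the intended check rejecting the ring-0 selector while the expression as typed accepts it, which is why the parentheses matter in the version above.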