On Wed, May 21, 2014 at 01:13:21PM +0200, Paolo Bonzini wrote:
> On 20/05/2014 23:54, Kevin O'Connor wrote:
> >On Fri, May 16, 2014 at 09:59:25PM +0200, Paolo Bonzini wrote:
> >>CS.RPL is not equal to the CPL in the few instructions between
> >>setting CR0.PE and reloading CS. We get this right in the common
> >>case, because writes to CR0 do not modify the CPL, but it would
> >>not be enough if an SMI comes exactly during that brief period.
> >>Were this to happen, the RSM instruction would erroneously set
> >>CPL to the low two bits of the real-mode selector; and if they are
> >>not 00, the next instruction fetch cannot access the code segment
> >>and causes a triple fault.
> >>
> >>However, SS.DPL *is* always equal to the CPL. In real processors
> >>(AMD only) there is a weird case of SYSRET setting SS.DPL=SS.RPL
> >>from the STAR register while forcing CPL=3, but we do not emulate
> >>that.
> >
> >I was in the process of testing something else, when I encountered a
> >problem with an old MSDOS 6.22 floppy I had. I tracked it down to an
> >error in one of the commits I did in this series (I sent a fix in a
> >separate email for it).
> >
> >Unfortunately, after I fixed the problem in my patch, your patch above
> >breaks it again. I think it's another VM86 thing.
> >
> >Steps to reproduce:
> >
> >1 - grab the DOS 6.22 floppy from: http://bootdisk.com/bootdisk.htm
> >
> >2 - boot it up and add emm386.exe to config.sys ("edit config.sys" and
> >add "DEVICE=EMM386.EXE" on the second line of the file).
> >
> >3 - reboot with modified config.sys
>
> I cannot reproduce this. I can see the breakage with current master, and I
> can see your patch fixing it. It keeps working with these changes. Please
> try branch cpl-queue at git://github.com/bonzini/qemu.git and see if it
> works for you too.

Apologies - somehow your patch 1 got misapplied to my tree. Testing with
the tree above works fine.

-Kevin