Re: [Qemu-devel] [PATCH 3/3] target-i386: get CPL from SS.DPL

[Paolo Bonzini <pbonzini@redhat.com>]

Il 20/05/2014 23:54, Kevin O'Connor ha scritto:
> On Fri, May 16, 2014 at 09:59:25PM +0200, Paolo Bonzini wrote:
>> CS.RPL is not equal to the CPL in the few instructions between
>> setting CR0.PE and reloading CS.  We get this right in the common
>> case, because writes to CR0 do not modify the CPL, but it would
>> not be enough if an SMI comes exactly during that brief period.
>> Were this to happen, the RSM instruction would erroneously set
>> CPL to the low two bits of the real-mode selector; and if they are
>> not 00, the next instruction fetch cannot access the code segment
>> and causes a triple fault.
>>
>> However, SS.DPL *is* always equal to the CPL.  In real processors
>> (AMD only) there is a weird case of SYSRET setting SS.DPL=SS.RPL
>> from the STAR register while forcing CPL=3, but we do not emulate
>> that.
>
> I was in the process of testing something else, when I encountered a
> problem with an old MSDOS 6.22 floppy I had.  I tracked it down to an
> error in one of the commits I did in this series (I sent a fix in a
> separate email for it).
>
> Unfortunately, after I fixed the problem in my patch, your patch above
> breaks it again.  I think it's another VM86 thing.
>
> Steps to reproduce:
>
> 1 - grab the DOS 6.22 floppy from: http://bootdisk.com/bootdisk.htm
>
> 2 - boot it up and add emm386.exe to config.sys ("edit config.sys" and
> add "DEVICE=EMM386.EXE" on the second line of the file).
>
> 3 - reboot with modified config.sys

I cannot reproduce this.  I can see the breakage with current master, 
and I can see your patch fixing it.  It keeps working with these 
changes.  Please try branch cpl-queue at 
git://github.com/bonzini/qemu.git and see if it works for you too.

My QEMU command line is simply "-fda boot622.img".

Paolo