From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: Re: [PATCH kvm-unit-tests] emulator: test 64-bit mov with immediate
 operand
Date: Thu, 13 Dec 2012 18:45:26 -0200
Message-ID: <20121213204526.GA1529@amt.cnet>
References: <1355400716-21359-1-git-send-email-pbonzini@redhat.com>
 <20121213122418.GA11016@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Paolo Bonzini <pbonzini@redhat.com>, kvm@vger.kernel.org,
	Nadav Amit <nadav.amit@gmail.com>
To: Gleb Natapov <gleb@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:42808 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755639Ab2LMU6R (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 13 Dec 2012 15:58:17 -0500
Content-Disposition: inline
In-Reply-To: <20121213122418.GA11016@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Thu, Dec 13, 2012 at 02:24:18PM +0200, Gleb Natapov wrote:
> On Thu, Dec 13, 2012 at 01:11:55PM +0100, Paolo Bonzini wrote:
> > MOV immediate instruction (opcodes 0xB8-0xBF) may take 64-bit operand.
> > Some hypervisor implementations assumed the operand is 32-bit.  This
> > should never happen because the instruction has no memory operand, but
> > (like the existing test_mmx_movq_mf) the testcase tricks the emulator
> > into executing one by mismatching the page tables and the corresponding
> > TLB entry.
> > 
> BTW how the bug was found? Why instruction was emulated at all? May be
> there is bug somewhere that makes KVM emulate something it should not.

During switch to protected mode. SS.DPL=3, SS.RPL=0.