From: Kevin O'Connor
Date: Tue, 20 May 2014 17:54:33 -0400
To: Paolo Bonzini
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/3] target-i386: get CPL from SS.DPL
Message-ID: <20140520215433.GA19697@morn.localdomain>
In-Reply-To: <1400270365-12316-4-git-send-email-pbonzini@redhat.com>

On Fri, May 16, 2014 at 09:59:25PM +0200, Paolo Bonzini wrote:
> CS.RPL is not equal to the CPL in the few instructions between
> setting CR0.PE and reloading CS. We get this right in the common
> case, because writes to CR0 do not modify the CPL, but it would
> not be enough if an SMI comes exactly during that brief period.
> Were this to happen, the RSM instruction would erroneously set
> CPL to the low two bits of the real-mode selector; and if they are
> not 00, the next instruction fetch cannot access the code segment
> and causes a triple fault.
>
> However, SS.DPL *is* always equal to the CPL. In real processors
> (AMD only) there is a weird case of SYSRET setting SS.DPL=SS.RPL
> from the STAR register while forcing CPL=3, but we do not emulate
> that.

I was in the process of testing something else, when I encountered a
problem with an old MSDOS 6.22 floppy I had. I tracked it down to an
error in one of the commits I did in this series (I sent a fix in a
separate email for it). Unfortunately, after I fixed the problem in my
patch, your patch above breaks it again. I think it's another VM86
thing.

Steps to reproduce:

1 - grab the DOS 6.22 floppy from: http://bootdisk.com/bootdisk.htm
2 - boot it up and add emm386.exe to config.sys ("edit config.sys" and
    add "DEVICE=EMM386.EXE" on the second line of the file).
3 - reboot with modified config.sys

-Kevin
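The window the quoted commit message describes, replayed in a small constructed C model (added here; this is not QEMU's code). It assumes a DOS-style real-mode CS selector 0x0753, a descriptor cache with the DPL at bits 13-14, and a simplified non-conforming code-segment check; all three are assumptions marked in the comments.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the descriptor-cache fields that matter here (assumption:
   DPL at bits 13-14, as in the x86 access-rights byte shifted into a 32-bit word). */
#define DESC_DPL_SHIFT 13
#define DESC_DPL_MASK  (3u << DESC_DPL_SHIFT)

typedef struct {
    uint16_t selector;  /* visible selector; bits 0-1 are the RPL */
    uint32_t flags;     /* cached access rights; DPL lives at bits 13-14 */
} SegCache;

static int seg_dpl(const SegCache *s) { return (s->flags & DESC_DPL_MASK) >> DESC_DPL_SHIFT; }

/* Old rule: CPL is taken from CS.RPL, the low two bits of the visible CS selector. */
int cpl_from_cs_rpl(const SegCache *cs) { return cs->selector & 3; }

/* Rule from the patch: CPL is taken from the cached SS.DPL. */
int cpl_from_ss_dpl(const SegCache *ss) { return seg_dpl(ss); }

/* Simplified check (assumption): a non-conforming code segment can only be
   fetched from when CPL equals its DPL. */
bool code_fetch_allowed(int cpl, const SegCache *cs) { return cpl == seg_dpl(cs); }

/* Replay the window: real mode with CS.RPL bits != 00, CR0.PE just set, CS not
   yet reloaded, then an SMI/RSM that recomputes CPL under one of the two rules.
   Returns true if the instruction fetch after RSM would succeed. */
bool fetch_after_rsm(bool use_ss_dpl) {
    /* Constructed real-mode state: code segment 0x0753 (low bits 11) and a stack
       segment whose cached DPL is 0, which is what real mode leaves there. */
    SegCache cs = { .selector = 0x0753, .flags = 0 };
    SegCache ss = { .selector = 0x0700, .flags = 0 };
    /* Setting CR0.PE changes neither the selectors nor the caches. */
    int cpl = use_ss_dpl ? cpl_from_ss_dpl(&ss) : cpl_from_cs_rpl(&cs);
    return code_fetch_allowed(cpl, &cs);
}

int main(void) {
    printf("CPL from CS.RPL: fetch %s\n", fetch_after_rsm(false) ? "ok" : "faults");
    printf("CPL from SS.DPL: fetch %s\n", fetch_after_rsm(true) ? "ok" : "faults");
    return 0;
}
```

With the CS.RPL rule the model reports CPL 3 and a failed fetch; with the SS.DPL rule it reports CPL 0 and the fetch succeeds.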