
target/i386: TSS trap bit implementation is broken

Commit to blame: ad441b8b

The correct implementation, in pseudo logic, should be:

if (TSS_T_flag)
  then set X86_DR6[BT]=01'b, raise_exception(#DB);

TSS_T_flag is BIT0 at TSSBase + 0x64.
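As an added example (not QEMU code), the following C models the check described above on a constructed 32-bit TSS image and contrasts two ways of reading the field at offset 0x64: a 32-bit load, which also covers the 16-bit I/O map base address that sits at offset 0x66 in the 32-bit TSS, and a 16-bit load masked to bit 0. The buffer, field names and `tss_switch_trap_check` helper are this example's own; the DR6.BT bit position (bit 15) and the TSS layout are architectural.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the TSS T-flag check (example code, not QEMU's).
 * Offsets follow the architectural 32-bit TSS layout.
 */
#define TSS32_SIZE        0x68        /* minimum size of a 32-bit TSS */
#define TSS_T_OFFSET      0x64        /* 16-bit field; bit 0 is the T (debug trap) flag */
#define TSS_IOMAP_OFFSET  0x66        /* 16-bit I/O map base address, right after T */
#define DR6_BT_BIT        (1u << 15)  /* DR6.BT: task-switch debug trap */
#define EXCP_DB           1           /* vector of #DB */

/* Little-endian loads from a byte buffer standing in for guest memory. */
static uint32_t ld32(const uint8_t *m, size_t off)
{
    return (uint32_t)m[off] | ((uint32_t)m[off + 1] << 8) |
           ((uint32_t)m[off + 2] << 16) | ((uint32_t)m[off + 3] << 24);
}

static uint16_t ld16(const uint8_t *m, size_t off)
{
    return (uint16_t)(m[off] | (m[off + 1] << 8));
}

/* Builds a constructed TSS image with only the two fields this example uses. */
void build_tss32(uint8_t tss[TSS32_SIZE], bool t_flag, uint16_t iomap_base)
{
    memset(tss, 0, TSS32_SIZE);
    tss[TSS_T_OFFSET] = t_flag ? 1 : 0;
    tss[TSS_IOMAP_OFFSET] = (uint8_t)(iomap_base & 0xff);
    tss[TSS_IOMAP_OFFSET + 1] = (uint8_t)(iomap_base >> 8);
}

/* Dword read at 0x64: the upper 16 bits are the I/O map base, not the T flag. */
uint32_t new_trap_dword(const uint8_t *tss)
{
    return ld32(tss, TSS_T_OFFSET);
}

/* Word read at 0x64 masked to bit 0: exactly the T flag. */
uint32_t new_trap_word_bit0(const uint8_t *tss)
{
    return ld16(tss, TSS_T_OFFSET) & 1;
}

/*
 * Switch-time check from the report: a non-zero trap value sets DR6.BT and
 * raises #DB. Returns the vector raised, or -1 when no exception is due.
 */
int tss_switch_trap_check(uint32_t new_trap, uint32_t *dr6)
{
    if (new_trap) {
        *dr6 |= DR6_BT_BIT;
        return EXCP_DB;
    }
    return -1;
}

int main(void)
{
    uint8_t tss[TSS32_SIZE];
    uint32_t dr6_dword = 0, dr6_masked = 0;

    /* T clear, I/O map base just past the TSS: a legal, common layout. */
    build_tss32(tss, false, TSS32_SIZE);
    printf("T=0, iomap=0x%02x: dword read raises %d, masked read raises %d\n",
           TSS32_SIZE,
           tss_switch_trap_check(new_trap_dword(tss), &dr6_dword),
           tss_switch_trap_check(new_trap_word_bit0(tss), &dr6_masked));

    /* T set: both reads agree that #DB must be raised. */
    build_tss32(tss, true, TSS32_SIZE);
    dr6_dword = dr6_masked = 0;
    printf("T=1, iomap=0x%02x: dword read raises %d, masked read raises %d\n",
           TSS32_SIZE,
           tss_switch_trap_check(new_trap_dword(tss), &dr6_dword),
           tss_switch_trap_check(new_trap_word_bit0(tss), &dr6_masked));
    return 0;
}
```

With the T flag clear and a non-zero I/O map base, the dword read still reports a trap request and raises #DB; only the masked 16-bit read follows the pseudo logic above.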

Recommended patch to fix the implementation:

diff -Nru ../orig/qemu-10.1.0/target/i386/tcg/seg_helper.c ../qemu-10.1.0/target/i386/tcg/seg_helper.c
--- ../orig/qemu-10.1.0/target/i386/tcg/seg_helper.c
+++ ../qemu-10.1.0/target/i386/tcg/seg_helper.c
@@ -456,7 +456,7 @@
             new_segs[i] = access_ldw(&new, tss_base + (0x48 + i * 4));
         }
         new_ldt = access_ldw(&new, tss_base + 0x60);
-        new_trap = access_ldl(&new, tss_base + 0x64);
+        new_trap = access_ldw(&new, tss_base + 0x64) & 1;
     } else {
         /* 16 bit */
         new_cr3 = 0;
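Review bot: the `& 1` mask is the essential part of the `+` line and deserves a short comment there, because `access_ldw` on its own would still pick up bits 1-15 of the 16-bit field at 0x64, which are not the T flag, and the replaced `access_ldl` read a dword whose upper 16 bits are the I/O map base address at 0x66, so any non-zero I/O map base would have been taken as a trap request. Suggest `new_trap = access_ldw(&new, tss_base + 0x64) & 1; /* T flag: bit 0 only */`. Nothing in the visible 16-bit branch that follows needs a matching change, since a 16-bit TSS has no T field.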
Edited by kjliew