target/i386: TSS trap bit implementation is broken
Commit to blame: ad441b8b
The correct implementation, in pseudo-logic, should be:
if (TSS_T_flag)
    then set X86_DR6[BT] = 1'b1 and raise_exception(#DB);
TSS_T_flag is bit 0 of the word at TSSBase + 0x64.
Recommended patch to fix the implementation:
diff -Nru ../orig/qemu-10.1.0/target/i386/tcg/seg_helper.c ../qemu-10.1.0/target/i386/tcg/seg_helper.c
--- ../orig/qemu-10.1.0/target/i386/tcg/seg_helper.c
+++ ../qemu-10.1.0/target/i386/tcg/seg_helper.c
@@ -456,7 +456,7 @@
new_segs[i] = access_ldw(&new, tss_base + (0x48 + i * 4));
}
new_ldt = access_ldw(&new, tss_base + 0x60);
- new_trap = access_ldl(&new, tss_base + 0x64);
+ new_trap = access_ldw(&new, tss_base + 0x64) & 1;
} else {
/* 16 bit */
new_cr3 = 0;
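Review bot: the hunk does not show where new_trap is consumed, so confirm that the later check treats it as a boolean (non-zero means trap) rather than comparing the raw value; with the `& 1` mask on the `+` line either form works, but the old 32-bit load at tss_base + 0x64 also pulled in the two bytes at +0x66 (the I/O map base address in a 32-bit TSS), which is what made new_trap non-zero independently of the T flag. A short comment on the `+` line, e.g. `/* T (debug trap) flag is bit 0 of the word at TSS + 0x64 */`, would document why the load width and the mask changed together.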
Edited by kjliew