Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 24/10/2017 13:10, Pedro Fonseca wrote:
>> Hi,
>>
>> During tests that we conducted on KVM, we noticed that executing a "PUSH
>> %ES" instruction under KVM produces different results on both memory and
>> the SP register depending on whether EPT support is enabled. With EPT
>> the SP is reduced by 4 bytes (and the written value is 0-padded) but
>> without EPT support it is only reduced by 2 bytes. The difference can be
>> observed when the CS.DB field is 1 (32-bit) but not when it's 0 (16-bit).
>
> Just one thing: your setup code is setting up selectors and DPL for a
> protected mode guest, but you are not initializing CR0.PE=1.

IIUC, the problem would not have occurred if CR0.PE=1. If CR0.PE=1,
init_emulate_ctxt() would set the mode to X86EMUL_MODE_PROT32, the
operand-size would have been determined to be 4, and the emulation would
have been correct.

Nadav
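The mode selection Nadav describes, as an added illustration that is not KVM's own code: a small model in which the emulator mode is derived from CR0.PE, EFLAGS.VM and the CS descriptor (in the spirit of init_emulate_ctxt(), with hypothetical names pick_mode/op_size/push_selector), and a "push %es" is applied to a constructed stack so the SP delta and the zero-padded selector can be checked for the PE=0 and PE=1 setups discussed above. The model also covers the vm86 and 64-bit branches, which the thread does not mention.

```c
/* Constructed model of emulator mode selection and "push <segment>".
 * Not KVM source; names and structure are assumed for illustration. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

enum emul_mode { MODE_REAL, MODE_VM86, MODE_PROT16, MODE_PROT32, MODE_PROT64 };

struct guest_state {
    bool cr0_pe;     /* CR0.PE: protected mode enabled */
    bool eflags_vm;  /* EFLAGS.VM: virtual-8086 mode */
    bool cs_l;       /* CS.L: 64-bit code segment */
    bool cs_db;      /* CS.D/B: 32-bit default operand size */
};

/* With CR0.PE clear the mode is "real" and CS.D/B is never consulted;
 * only with CR0.PE set does CS.D/B select PROT32 over PROT16. */
enum emul_mode pick_mode(const struct guest_state *g)
{
    if (!g->cr0_pe)   return MODE_REAL;
    if (g->eflags_vm) return MODE_VM86;
    if (g->cs_l)      return MODE_PROT64;
    return g->cs_db ? MODE_PROT32 : MODE_PROT16;
}

/* Default operand size of a push with no 0x66 prefix in each mode. */
unsigned op_size(enum emul_mode m)
{
    switch (m) {
    case MODE_PROT32: return 4;
    case MODE_PROT64: return 8;
    default:          return 2;   /* real, vm86 and 16-bit protected mode */
    }
}

/* Push a 16-bit selector: SP moves down by op_size and the selector is
 * stored zero-extended, little-endian, at the new SP.  stack_top is the
 * byte the old SP addressed; returns how far SP moved. */
unsigned push_selector(enum emul_mode m, uint16_t sel, uint8_t *stack_top)
{
    unsigned n = op_size(m);
    uint8_t buf[8] = {0};             /* upper bytes stay zero (0-padded) */
    buf[0] = (uint8_t)(sel & 0xff);
    buf[1] = (uint8_t)(sel >> 8);
    memcpy(stack_top - n, buf, n);
    return n;
}
```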