On Thu, Dec 13, 2012 at 02:24:18PM +0200, Gleb Natapov wrote:
> On Thu, Dec 13, 2012 at 01:11:55PM +0100, Paolo Bonzini wrote:
> > The MOV immediate instruction (opcodes 0xB8-0xBF) may take a 64-bit operand.
> > Some hypervisor implementations assumed the operand is 32-bit. This
> > should never happen because the instruction has no memory operand, but
> > (like the existing test_mmx_movq_mf) the testcase tricks the emulator
> > into executing one by mismatching the page tables and the corresponding
> > TLB entry.
> >
> BTW, how was the bug found? Why was the instruction emulated at all? Maybe
> there is a bug somewhere that makes KVM emulate something it should not.

During switch to protected mode. SS.DPL=3, SS.RPL=0.
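Added example, not code from the KVM patch or from anyone in this thread: a minimal decoder for the MOV r, imm form discussed above, showing how the REX.W prefix widens the immediate to 64 bits and how an emulator that assumes a 32-bit operand mis-sizes the instruction. The sample byte sequence and the function names (`decode_mov_imm`, `demo_len`, `demo_imm`) are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Decode one MOV r, imm (opcodes 0xB8-0xBF) at code[0] in 64-bit mode.
 * Returns the instruction length (0 if not a MOV imm) and stores the
 * zero-extended immediate in *imm. wide_ok = 1 honours REX.W (64-bit
 * immediate, correct); wide_ok = 0 models the 32-bit assumption. */
size_t decode_mov_imm(const uint8_t *code, size_t n, int wide_ok,
                      uint64_t *imm)
{
    size_t i = 0;
    int opsize16 = 0, rex_w = 0, nbytes;
    if (i < n && code[i] == 0x66) { opsize16 = 1; i++; }   /* 0x66 prefix */
    if (i < n && (code[i] & 0xF0) == 0x40) {               /* REX prefix */
        rex_w = (code[i] >> 3) & 1;                        /* REX.W bit */
        i++;
    }
    if (i >= n || code[i] < 0xB8 || code[i] > 0xBF)
        return 0;
    i++;                                                   /* opcode byte */
    /* REX.W overrides 0x66; otherwise 0x66 selects a 16-bit immediate. */
    nbytes = (rex_w && wide_ok) ? 8 : opsize16 ? 2 : 4;
    if (i + nbytes > n)
        return 0;
    *imm = 0;
    for (int k = 0; k < nbytes; k++)                       /* little-endian */
        *imm |= (uint64_t)code[i + k] << (8 * k);
    return i + nbytes;
}

/* Constructed sample: 48 B8 <imm64> = mov rax, 0x1122334455667788; then nop. */
static const uint8_t sample[] = { 0x48, 0xB8, 0x88, 0x77, 0x66, 0x55,
                                  0x44, 0x33, 0x22, 0x11, 0x90 };

/* Length assigned to the sample: 10 when REX.W is honoured, 6 under the
 * 32-bit assumption (bytes 44 33 22 11 then pass as the next instruction). */
size_t demo_len(int wide_ok)
{
    uint64_t imm;
    return decode_mov_imm(sample, sizeof sample, wide_ok, &imm);
}

/* Immediate the decoder sees: all 64 bits, or only the low 32. */
uint64_t demo_imm(int wide_ok)
{
    uint64_t imm = 0;
    decode_mov_imm(sample, sizeof sample, wide_ok, &imm);
    return imm;
}
```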