authorPaolo Bonzini <pbonzini@redhat.com>2021-06-01 15:36:00 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2021-06-04 13:47:08 +0200
commit1b627f389f9da48aa8f28808770a731c1e09c338 (patch)
treefa5b9c2a700584425e7f0d7d5dfd22c22db6f1bf /target/i386
parenta5505f6b5b6f72eb21be7567fc1ef3ae2d5b3281 (diff)
target/i386: tcg: fix switching from 16-bit to 32-bit tasks or vice versa
The format of the task state segment is governed by bit 3 in the descriptor type field. On a task switch, the format for saving is given by the current value of TR's type field, while the format for loading is given by the new descriptor. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'target/i386')
-rw-r--r--target/i386/tcg/seg_helper.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 2112c5f..3ed20ca 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -319,7 +319,7 @@ static void switch_tss_ra(CPUX86State *env, int tss_selector,
}
/* save the current state in the old TSS */
- if (type & 8) {
+ if (old_type & 8) {
/* 32 bit */
cpu_stl_kernel_ra(env, env->tr.base + 0x20, next_eip, retaddr);
cpu_stl_kernel_ra(env, env->tr.base + 0x24, old_eflags, retaddr);