From 1b627f389f9da48aa8f28808770a731c1e09c338 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 1 Jun 2021 15:36:00 +0200 Subject: target/i386: tcg: fix switching from 16-bit to 32-bit tasks or vice versa The format of the task state segment is governed by bit 3 in the descriptor type field. On a task switch, the format for saving is given by the current value of TR's type field, while the format for loading is given by the new descriptor. Signed-off-by: Paolo Bonzini --- target/i386/tcg/seg_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 2112c5fc51..3ed20ca31d 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -319,7 +319,7 @@ static void switch_tss_ra(CPUX86State *env, int tss_selector,
     }
 
     /* save the current state in the old TSS */
-    if (type & 8) {
+    if (old_type & 8) {
         /* 32 bit */
         cpu_stl_kernel_ra(env, env->tr.base + 0x20, next_eip, retaddr);
         cpu_stl_kernel_ra(env, env->tr.base + 0x24, old_eflags, retaddr);
-- 
cgit v1.2.3
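Review bot: The corrected condition `if (old_type & 8)` still carries no comment saying why the save path is keyed on TR's current descriptor type while the load path earlier in the function is keyed on the new descriptor's `type`, so the two variables remain easy to confuse again; I would extend the existing comment to `/* save the current state in the old TSS; its 16/32-bit layout follows TR's type, not the new task's */`. The definition of `old_type`, the matching 16-bit `else` branch and the rest of switch_tss_ra lie outside the hunk, so it should be confirmed there that `old_type` is derived from `env->tr.flags` and that the old TSS limit check uses that same type, otherwise the layout-dependent stores at `env->tr.base + 0x20` onward are bounded by a limit computed for the other layout. Because the previous `type`-based branch presumably wrote the larger 32-bit layout into a TSS that was only limit-checked for the 16-bit one, a regression test that switches between a 16-bit and a 32-bit task in both directions would pin this fix.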