From: Paolo Bonzini <[email protected]>

In user-mode emulation, QEMU uses the default setting of the LDT base and limit, which places it at the bottom 64K of virtual address space. However, by default there is no LDT at all in Linux processes, and therefore the limit should be 0.
This is visible as a NULL pointer dereference in LSL and LAR instructions when they try to read the LDT at an unmapped address. Resolves: #1376 Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]> (cherry picked from commit 58aa1d08bbc406ba3982f32ffb1bef0ff4f8f369) Signed-off-by: Michael Tokarev <[email protected]> diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 489ab9cd41..682d71be88 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5906,7 +5906,11 @@ static void x86_cpu_reset(DeviceState *dev) env->idt.limit = 0xffff; env->gdt.limit = 0xffff; +#if defined(CONFIG_USER_ONLY) + env->ldt.limit = 0; +#else env->ldt.limit = 0xffff; +#endif env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT); env->tr.limit = 0xffff; env->tr.flags = DESC_P_MASK | (11 << DESC_TYPE_SHIFT); -- 2.47.3
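Review bot: The new `#if defined(CONFIG_USER_ONLY)` branch carries no comment explaining why the user-mode reset value diverges from the `0xffff` kept for system emulation; a short comment above `env->ldt.limit = 0;` noting that Linux processes start with no LDT, so a zero limit lets LSL/LAR fail their limit check instead of reading an unmapped address, would keep the rationale from the commit message next to the code. It is also worth confirming that leaving `env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT);` unconditional is intended, since the descriptor is still marked present with a zero limit in the user-only build.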
