On Wed, 11 Jun 2025 at 14:05, Mark Cave-Ayland
<mark.cave-ayl...@ilande.co.uk> wrote:
>
> Before commit e54ef98c8a ("target/i386: do not trigger IRQ shadow for LSS"),
> any
> write to SS in gen_movl_seg() would cause a TB exit. The changes introduced by
> this commit were intended to restrict the DISAS_EOB_INHIBIT_IRQ exit to the
> case
> where inhibit_irq is true, but missed that a DISAS_EOB_NEXT exit can still be
> required when writing to SS and inhibit_irq is false.
>
> Comparing the PE(s) && !VM86(s) section with the logic in
> x86_update_hflags(), we
> can see that the DISAS_EOB_NEXT exit is still required for the !CODE32 case
> when
> writing to SS in gen_movl_seg() because any change to the SS flags can affect
> hflags. Similarly we can see that the existing CODE32 case is still correct
> since
> a change to any of DS, ES and SS can affect hflags. Finally for the
> gen_op_movl_seg_real() case an explicit TB exit is not needed because the
> segment
> register selector does not affect hflags.
>
> Update the logic in gen_movl_seg() so that a write to SS with inhibit_irq set
> to
> false where PE(s) && !VM86(s) will generate a DISAS_EOB_NEXT exit along with
> the
> inline comment. This has the effect of allowing Win98SE to boot in QEMU once
> again.
>
> Signed-off-by: Mark Cave-Ayland <mark.cave-ayl...@ilande.co.uk>
> Cc: qemu-sta...@nongnu.org
> Fixes: e54ef98c8a ("target/i386: do not trigger IRQ shadow for LSS")
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2987
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
thanks
-- PMM
