blob: 3f75ca7c9a9a70c94b1c27b0642b1eac77e5de61 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
instruction: 0.954
assembly: 0.897
device: 0.854
graphic: 0.701
vnc: 0.674
socket: 0.609
network: 0.505
boot: 0.489
semantic: 0.444
KVM: 0.243
other: 0.223
mistranslation: 0.191
x86 LSL and LAR fault
Description of problem:
From the description of LSL and LAR instructions in manual, `If the segment descriptor cannot be accessed or is an invalid type for the instruction, the ZF flag is cleared and no value is loaded in the destination operand.`. When it happens at the CPU, it seems they do nothing (nop). However, in QEMU, it crashes.
Steps to reproduce:
1. Compile this code
```
void main() {
asm("mov rax, 0xa02e698e741f5a6a");
asm("mov rbx, 0x20959ddd7a0aef");
asm("lsl ax, bx");
}
```
2. Execute. QEMU crashes but CPU does not. This problem happens with LAR, too.
Additional information:
This bug is discovered by research conducted by KAIST SoftSec.
|