Index: /trunk/src/VBox/VMM/VMMAll/IEMAll.cpp =================================================================== --- /trunk/src/VBox/VMM/VMMAll/IEMAll.cpp (revision 61381) +++ /trunk/src/VBox/VMM/VMMAll/IEMAll.cpp (revision 61382) @@ -5394,5 +5394,5 @@ { pFpuCtx->DS = 0; - pFpuCtx->FPUDP = (uint32_t)GCPtrEff | ((uint32_t)sel << 4); + pFpuCtx->FPUDP = (uint32_t)GCPtrEff + ((uint32_t)sel << 4); } else Index: /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h =================================================================== --- /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h (revision 61381) +++ /trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h (revision 61382) @@ -6488,21 +6488,25 @@ { /** @todo Testcase: what is stored in the "gray" areas? (figure 8-9 and 8-10) */ - uPtr.pu16[0*2] = pSrcX87->FCW; - uPtr.pu16[1*2] = pSrcX87->FSW; - uPtr.pu16[2*2] = iemFpuCalcFullFtw(pSrcX87); + uPtr.pu16[0*2] = pSrcX87->FCW; + uPtr.pu16[0*2+1] = 0xffff; /* (0xffff observed on intel skylake.) */ + uPtr.pu16[1*2] = pSrcX87->FSW; + uPtr.pu16[1*2+1] = 0xffff; + uPtr.pu16[2*2] = iemFpuCalcFullFtw(pSrcX87); + uPtr.pu16[2*2+1] = 0xffff; if (IEM_IS_REAL_OR_V86_MODE(pIemCpu)) { - uPtr.pu16[3*2] = (uint16_t)pSrcX87->FPUIP; - uPtr.pu32[4] = ((pSrcX87->FPUIP & UINT32_C(0xffff0000)) >> 4) | pSrcX87->FOP; - uPtr.pu16[5*2] = (uint16_t)pSrcX87->FPUDP; - uPtr.pu32[6] = (pSrcX87->FPUDP & UINT32_C(0xffff0000)) >> 4; + uPtr.pu16[3*2] = (uint16_t)pSrcX87->FPUIP; + uPtr.pu32[4] = ((pSrcX87->FPUIP & UINT32_C(0xffff0000)) >> 4) | pSrcX87->FOP; + uPtr.pu16[5*2] = (uint16_t)pSrcX87->FPUDP; + uPtr.pu32[6] = (pSrcX87->FPUDP & UINT32_C(0xffff0000)) >> 4; } else { - uPtr.pu32[3] = pSrcX87->FPUIP; - uPtr.pu16[4*2] = pSrcX87->CS; - uPtr.pu16[4*2+1]= pSrcX87->FOP; - uPtr.pu32[5] = pSrcX87->FPUDP; - uPtr.pu16[6*2] = pSrcX87->DS; + uPtr.pu32[3] = pSrcX87->FPUIP; + uPtr.pu16[4*2] = pSrcX87->CS; + uPtr.pu16[4*2+1] = pSrcX87->FOP; + uPtr.pu32[5] = pSrcX87->FPUDP; + uPtr.pu16[6*2] = pSrcX87->DS; + uPtr.pu16[6*2+1] = 0xffff; } } Index: /trunk/src/VBox/VMM/VMMAll/IEMAllInstructions.cpp.h =================================================================== --- /trunk/src/VBox/VMM/VMMAll/IEMAllInstructions.cpp.h (revision 61381) +++ /trunk/src/VBox/VMM/VMMAll/IEMAllInstructions.cpp.h (revision 61382) @@ -13618,4 +13618,5 @@ IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX(); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_CHANGE(); IEM_MC_ASSIGN(iEffSeg, pIemCpu->iEffSeg); IEM_MC_CALL_CIMPL_3(iemCImpl_fldenv, enmEffOpSize, iEffSeg, GCPtrEffSrc); @@ -13635,4 +13636,5 @@ IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX(); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_CHANGE(); IEM_MC_FETCH_MEM_U16(u16Fsw, pIemCpu->iEffSeg, GCPtrEffSrc); IEM_MC_CALL_CIMPL_1(iemCImpl_fldcw, u16Fsw); @@ -13653,4 +13655,5 @@ IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX(); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_READ(); IEM_MC_ASSIGN(iEffSeg, pIemCpu->iEffSeg); IEM_MC_CALL_CIMPL_3(iemCImpl_fnstenv, enmEffOpSize, iEffSeg, GCPtrEffDst); @@ -14991,4 +14994,5 @@ IEM_MC_BEGIN(0,0); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_CHANGE(); IEM_MC_CLEAR_FSW_EX(); IEM_MC_ADVANCE_RIP(); @@ -15529,4 +15533,5 @@ IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX(); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_CHANGE(); IEM_MC_ASSIGN(iEffSeg, pIemCpu->iEffSeg); IEM_MC_CALL_CIMPL_3(iemCImpl_frstor, enmEffOpSize, iEffSeg, GCPtrEffSrc); @@ -15547,4 +15552,5 @@ IEMOP_HLP_DONE_DECODING_NO_LOCK_PREFIX(); IEM_MC_MAYBE_RAISE_DEVICE_NOT_AVAILABLE(); + IEM_MC_ACTUALIZE_FPU_STATE_FOR_READ(); IEM_MC_ASSIGN(iEffSeg, pIemCpu->iEffSeg); IEM_MC_CALL_CIMPL_3(iemCImpl_fnsave, enmEffOpSize, iEffSeg, GCPtrEffDst);