Hmmmm... http://www.rcollins.org/articles/loadall/tspe … _doc.html#Fig2b

Intel recommends some guidelines for proper execution following LOADALL. The stack segment should be a read/write data segment; the code segment can be execute on1y (access=95h), read/execute (access=9bh), or read/write/execute (access=93h). Proper protected mode operation also requires that the DPL of CS and DPL of SS be equal. These attributes determine the CPL of the processor. Also, the DPL fields of ES and DS should be equal to 3 to prevent RETF or IRET instructions from zeroing these registers.

So the DPL of 3 doesn't affect real-mode code running, but only protected-mode code executing IRET/RETF's security checks(caused by returning to a lower privilege level), as is documented to be the case with said instructions returning in protected mode(EFLAGS.V86 cleared, CR0.PE set)?

superfury wrote:

So the DPL of 3 doesn't affect real-mode code running, but only protected-mode code executing IRET/RETF's security checks(caused by returning to a lower privilege level), as is documented to be the case with said instructions returning in protected mode(EFLAGS.V86 cleared, CR0.PE set)?

Right, data segment DPL doesn't matter except when they are loaded or a far return.

the CS.DPL==SS.DPL(in reality only SS.DPL afaik?) determines the CPL.

DPL of CS might not equal CPL if the code segment is conforming which is why SS DPL determines CPL. RPL of CS is then set to CPL to make sure privilege is correct if a far return is executed back to the conforming segment.

Thinking about it, how does INVLPG work? UniPCemu currently takes the ModR/M segment:offset it refers to(e.g. DS:[EAX] will use linear address DS.base+EAX) and flush any entries that match said address(E.g. when DS points to address 100 and EAX=2000, it flushes the entry/entries for linear address 2100).

Is that correct behaviour? Or is it supposed to read the data pointed to the ModR/M(an absolute pointer in memory) and flush that address from the TLB?

Also, what happens when you execute unprivileged(CPL>0) register modr/m with this instruction? Will it throw #UD or #GP(0)?
If I must believe Dosbox-X, #GP(0) has priority for almost all 0F01 instructions. The only exception being INVPLG, where #UD somehow has priority over #GP(0)?