Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread Gleb Natapov
On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
 Add multibyte NOP test case to kvm-unit-tests. This case can test one
 of bugs when booting RHEL5.9 64-bit.
 
Adding the test to x86/realmode.c will be much easier.

 Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
 ---
  x86/emulator.c |   33 +
  1 file changed, 33 insertions(+)
 
 diff --git a/x86/emulator.c b/x86/emulator.c
 index 96576e5..f26c70f 100644
 --- a/x86/emulator.c
 +++ b/x86/emulator.c
 @@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
  report(test, *mem == 0x8400);
  }
 
 +static void test_nopl(uint64_t *mem, uint8_t *insn_page,
 +   uint8_t *alt_insn_page, void *insn_ram)
 +{
 +ulong *cr3 = (ulong *)read_cr3();
 +
 +// Pad with RET instructions
 +memset(insn_page, 0xc3, 4096);
 +memset(alt_insn_page, 0xc3, 4096);
 +// Place a trapping instruction in the page to trigger a VMEXIT
 +insn_page[0] = 0x89; // mov %eax, (%rax)
 +insn_page[1] = 0x00;
 +insn_page[2] = 0x90; // nop
 +// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
 +alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
 +alt_insn_page[1] = 0x1f;
 +alt_insn_page[2] = 0x00;
 +
 +// Load the code TLB with insn_page, but point the page tables at
 +// alt_insn_page (and keep the data TLB clear, for AMD decode assist).
 +// This will make the CPU trap on the insn_page instruction but the
 +// hypervisor will see alt_insn_page.
 +install_page(cr3, virt_to_phys(insn_page), insn_ram);
 +// Load code TLB
 +invlpg(insn_ram);
 +asm volatile(call *%0 : : r(insn_ram + 3));
 +// Trap, let hypervisor emulate at alt_insn_page
 +install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
 +asm volatile(call *%0 : : r(insn_ram), a(mem));
 +report(nopl, 1);
 +}
 +
  int main()
  {
   void *mem;
 @@ -964,6 +995,8 @@ int main()
 
   test_string_io_mmio(mem);
 
 + test_nopl(mem, insn_page, alt_insn_page, insn_ram);
 +
   printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
   return fails ? 1 : 0;
  }
 --
 1.7.9.5

--
Gleb.


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread 李春奇
Yes, that should be the point: x86/realmode.c always runs in
emulation mode. I added the test there, but no error occurred, and
I cannot find the reason.

The code is as follows added to x86/realmode.c
/*
 * Run a multibyte NOP (nopl (%eax), encoded as the raw bytes 0f 1f 00)
 * through the realmode test path.  The pass value handed to report() is
 * a constant, so this case can only fail by the run aborting (e.g. on an
 * emulation error), never by a checked result -- presumably that is how
 * the bug shows up; confirm against the harness.
 */
static void test_nopl(void)
{
/* Encoded as raw bytes so the exact instruction encoding is fixed. */
MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
exec_in_big_real_mode(insn_nopl);
/* NOTE(review): unconditional pass; no register or memory result is checked. */
report(nopl, 0, 1);
}

and I objdump from realmode.flat is as follows:
6458 insn_code_nopl:
6458:   0f 1f 00nopl   (%eax)

But there cause no error when executing this insn. Why?


On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:

 On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
  Add multibyte NOP test case to kvm-unit-tests. This case can test one
  of bugs when booting RHEL5.9 64-bit.
 
 Adding the test to x86/realmode.c will be much easier.

  Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
  ---
   x86/emulator.c |   33 +
   1 file changed, 33 insertions(+)
 
  diff --git a/x86/emulator.c b/x86/emulator.c
  index 96576e5..f26c70f 100644
  --- a/x86/emulator.c
  +++ b/x86/emulator.c
  @@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
   report(test, *mem == 0x8400);
   }
 
  +static void test_nopl(uint64_t *mem, uint8_t *insn_page,
  +   uint8_t *alt_insn_page, void *insn_ram)
  +{
  +ulong *cr3 = (ulong *)read_cr3();
  +
  +// Pad with RET instructions
  +memset(insn_page, 0xc3, 4096);
  +memset(alt_insn_page, 0xc3, 4096);
  +// Place a trapping instruction in the page to trigger a VMEXIT
  +insn_page[0] = 0x89; // mov %eax, (%rax)
  +insn_page[1] = 0x00;
  +insn_page[2] = 0x90; // nop
  +// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
  +alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
  +alt_insn_page[1] = 0x1f;
  +alt_insn_page[2] = 0x00;
  +
  +// Load the code TLB with insn_page, but point the page tables at
  +// alt_insn_page (and keep the data TLB clear, for AMD decode assist).
  +// This will make the CPU trap on the insn_page instruction but the
  +// hypervisor will see alt_insn_page.
  +install_page(cr3, virt_to_phys(insn_page), insn_ram);
  +// Load code TLB
  +invlpg(insn_ram);
  +asm volatile(call *%0 : : r(insn_ram + 3));
  +// Trap, let hypervisor emulate at alt_insn_page
  +install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
  +asm volatile(call *%0 : : r(insn_ram), a(mem));
  +report(nopl, 1);
  +}
  +
   int main()
   {
void *mem;
  @@ -964,6 +995,8 @@ int main()
 
test_string_io_mmio(mem);
 
  + test_nopl(mem, insn_page, alt_insn_page, insn_ram);
  +
printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
return fails ? 1 : 0;
   }
  --
  1.7.9.5

 --
 Gleb.




--
Arthur Chunqi Li
Department of Computer Science
School of EECS
Peking University
Beijing, China


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread Gleb Natapov
On Wed, Jun 05, 2013 at 03:00:33PM +0800, 李春奇 Arthur Chunqi Li wrote:
 Yes, that should be the point. x86/realmode.c is always running in
 emulation mode. I added the testing here there but no error occurred. I
 cannot find the reason.
 
 The code is as follows added to x86/realmode.c
 static void test_nopl(void)
 {
 MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
 exec_in_big_real_mode(insn_nopl);
 report(nopl, 0, 1);
 }
 
 and I objdump from realmode.flat is as follows:
 6458 insn_code_nopl:
 6458:   0f 1f 00nopl   (%eax)
 
 But there cause no error when executing this insn. Why?
 
Probably because you use a CPU that supports unrestricted mode, or an
AMD processor. Can you try loading kvm-intel with the unrestricted_guest=0
option?

 
 On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:
 
  On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
   Add multibyte NOP test case to kvm-unit-tests. This case can test one
   of bugs when booting RHEL5.9 64-bit.
  
  Adding the test to x86/realmode.c will be much easier.
 
   Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
   ---
x86/emulator.c |   33 +
1 file changed, 33 insertions(+)
  
   diff --git a/x86/emulator.c b/x86/emulator.c
   index 96576e5..f26c70f 100644
   --- a/x86/emulator.c
   +++ b/x86/emulator.c
   @@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
report(test, *mem == 0x8400);
}
  
   +static void test_nopl(uint64_t *mem, uint8_t *insn_page,
   +   uint8_t *alt_insn_page, void *insn_ram)
   +{
   +ulong *cr3 = (ulong *)read_cr3();
   +
   +// Pad with RET instructions
   +memset(insn_page, 0xc3, 4096);
   +memset(alt_insn_page, 0xc3, 4096);
   +// Place a trapping instruction in the page to trigger a VMEXIT
   +insn_page[0] = 0x89; // mov %eax, (%rax)
   +insn_page[1] = 0x00;
   +insn_page[2] = 0x90; // nop
   +// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
   +alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
   +alt_insn_page[1] = 0x1f;
   +alt_insn_page[2] = 0x00;
   +
   +// Load the code TLB with insn_page, but point the page tables at
   +// alt_insn_page (and keep the data TLB clear, for AMD decode
  assist).
   +// This will make the CPU trap on the insn_page instruction but the
   +// hypervisor will see alt_insn_page.
   +install_page(cr3, virt_to_phys(insn_page), insn_ram);
   +// Load code TLB
   +invlpg(insn_ram);
   +asm volatile(call *%0 : : r(insn_ram + 3));
   +// Trap, let hypervisor emulate at alt_insn_page
   +install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
   +asm volatile(call *%0 : : r(insn_ram), a(mem));
   +report(nopl, 1);
   +}
   +
int main()
{
 void *mem;
   @@ -964,6 +995,8 @@ int main()
  
 test_string_io_mmio(mem);
  
   + test_nopl(mem, insn_page, alt_insn_page, insn_ram);
   +
 printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
 return fails ? 1 : 0;
}
   --
   1.7.9.5
 
  --
  Gleb.
 
 
 
 
 -- 
 Arthur Chunqi Li
 Department of Computer Science
 School of EECS
 Peking University
 Beijing, China

--
Gleb.


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread 李春奇
Yes, I load kvm-intel with unrestricted_guest=0 and the emulator runs
well. I will give another test case in x86/realmode.c later.

BTW, what happens when a 64-bit instruction is executed in
x86/realmode.c? Should I add 64-bit insn tests only in x86/emulator.c?

On Wed, Jun 5, 2013 at 4:27 PM, Gleb Natapov g...@redhat.com wrote:
 On Wed, Jun 05, 2013 at 03:00:33PM +0800, 李春奇 Arthur Chunqi Li wrote:
 Yes, that should be the point. x86/realmode.c is always running in
 emulation mode. I added the testing here there but no error occurred. I
 cannot find the reason.

 The code is as follows added to x86/realmode.c
 static void test_nopl(void)
 {
 MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
 exec_in_big_real_mode(insn_nopl);
 report(nopl, 0, 1);
 }

 and I objdump from realmode.flat is as follows:
 6458 insn_code_nopl:
 6458:   0f 1f 00nopl   (%eax)

 But there cause no error when executing this insn. Why?

 Because you probably use cpu that supports unrestricted mode or use AMD
 processor. Can you try loading kvm-intel with unrestricted_guest=0
 option?


 On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:

  On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
   Add multibyte NOP test case to kvm-unit-tests. This case can test one
   of bugs when booting RHEL5.9 64-bit.
  
  Adding the test to x86/realmode.c will be much easier.
 
   Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
   ---
x86/emulator.c |   33 +
1 file changed, 33 insertions(+)
  
   diff --git a/x86/emulator.c b/x86/emulator.c
   index 96576e5..f26c70f 100644
   --- a/x86/emulator.c
   +++ b/x86/emulator.c
   @@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
report(test, *mem == 0x8400);
}
  
   +static void test_nopl(uint64_t *mem, uint8_t *insn_page,
   +   uint8_t *alt_insn_page, void *insn_ram)
   +{
   +ulong *cr3 = (ulong *)read_cr3();
   +
   +// Pad with RET instructions
   +memset(insn_page, 0xc3, 4096);
   +memset(alt_insn_page, 0xc3, 4096);
   +// Place a trapping instruction in the page to trigger a VMEXIT
   +insn_page[0] = 0x89; // mov %eax, (%rax)
   +insn_page[1] = 0x00;
   +insn_page[2] = 0x90; // nop
   +// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
   +alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
   +alt_insn_page[1] = 0x1f;
   +alt_insn_page[2] = 0x00;
   +
   +// Load the code TLB with insn_page, but point the page tables at
   +// alt_insn_page (and keep the data TLB clear, for AMD decode
  assist).
   +// This will make the CPU trap on the insn_page instruction but the
   +// hypervisor will see alt_insn_page.
   +install_page(cr3, virt_to_phys(insn_page), insn_ram);
   +// Load code TLB
   +invlpg(insn_ram);
   +asm volatile(call *%0 : : r(insn_ram + 3));
   +// Trap, let hypervisor emulate at alt_insn_page
   +install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
   +asm volatile(call *%0 : : r(insn_ram), a(mem));
   +report(nopl, 1);
   +}
   +
int main()
{
 void *mem;
   @@ -964,6 +995,8 @@ int main()
  
 test_string_io_mmio(mem);
  
   + test_nopl(mem, insn_page, alt_insn_page, insn_ram);
   +
 printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
 return fails ? 1 : 0;
}
   --
   1.7.9.5
 
  --
  Gleb.
 



 --
 Arthur Chunqi Li
 Department of Computer Science
 School of EECS
 Peking University
 Beijing, China

 --
 Gleb.



-- 
Arthur Chunqi Li
Department of Computer Science
School of EECS
Peking University
Beijing, China


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread Gleb Natapov
On Wed, Jun 05, 2013 at 05:23:18PM +0800, 李春奇 Arthur Chunqi Li wrote:
 Yes, I load kvm-intel with unrestricted_guest=0 and the emulator runs
 well. I will give another test case in x86/realmode.c later.
 
The test fails for me on a CPU without unrestricted guest support. This
means you are either testing on a fixed kernel or unrestricted_guest=0 is broken.

 BTW, what is the action when a 64-bit instruction executes in
 x86/realmode.c? Should I add 64-bit insn tests only in x86/emulator.c?
 
Yes, 64-bit or 32-bit instructions should be added to x86/emulator.c.

 On Wed, Jun 5, 2013 at 4:27 PM, Gleb Natapov g...@redhat.com wrote:
  On Wed, Jun 05, 2013 at 03:00:33PM +0800, 李春奇 Arthur Chunqi Li wrote:
  Yes, that should be the point. x86/realmode.c is always running in
  emulation mode. I added the testing here there but no error occurred. I
  cannot find the reason.
 
  The code is as follows added to x86/realmode.c
  static void test_nopl(void)
  {
  MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
  exec_in_big_real_mode(insn_nopl);
  report(nopl, 0, 1);
  }
 
  and I objdump from realmode.flat is as follows:
  6458 insn_code_nopl:
  6458:   0f 1f 00nopl   (%eax)
 
  But there cause no error when executing this insn. Why?
 
  Because you probably use cpu that supports unrestricted mode or use AMD
  processor. Can you try loading kvm-intel with unrestricted_guest=0
  option?
 
 
  On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:
 
   On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
Add multibyte NOP test case to kvm-unit-tests. This case can test one
of bugs when booting RHEL5.9 64-bit.
   
   Adding the test to x86/realmode.c will be much easier.
  
Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
---
 x86/emulator.c |   33 +
 1 file changed, 33 insertions(+)
   
diff --git a/x86/emulator.c b/x86/emulator.c
index 96576e5..f26c70f 100644
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
 report(test, *mem == 0x8400);
 }
   
+static void test_nopl(uint64_t *mem, uint8_t *insn_page,
+   uint8_t *alt_insn_page, void *insn_ram)
+{
+ulong *cr3 = (ulong *)read_cr3();
+
+// Pad with RET instructions
+memset(insn_page, 0xc3, 4096);
+memset(alt_insn_page, 0xc3, 4096);
+// Place a trapping instruction in the page to trigger a VMEXIT
+insn_page[0] = 0x89; // mov %eax, (%rax)
+insn_page[1] = 0x00;
+insn_page[2] = 0x90; // nop
+// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
+alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
+alt_insn_page[1] = 0x1f;
+alt_insn_page[2] = 0x00;
+
+// Load the code TLB with insn_page, but point the page tables at
+// alt_insn_page (and keep the data TLB clear, for AMD decode
   assist).
+// This will make the CPU trap on the insn_page instruction but 
the
+// hypervisor will see alt_insn_page.
+install_page(cr3, virt_to_phys(insn_page), insn_ram);
+// Load code TLB
+invlpg(insn_ram);
+asm volatile(call *%0 : : r(insn_ram + 3));
+// Trap, let hypervisor emulate at alt_insn_page
+install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
+asm volatile(call *%0 : : r(insn_ram), a(mem));
+report(nopl, 1);
+}
+
 int main()
 {
  void *mem;
@@ -964,6 +995,8 @@ int main()
   
  test_string_io_mmio(mem);
   
+ test_nopl(mem, insn_page, alt_insn_page, insn_ram);
+
  printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
  return fails ? 1 : 0;
 }
--
1.7.9.5
  
   --
   Gleb.
  
 
 
 
  --
  Arthur Chunqi Li
  Department of Computer Science
  School of EECS
  Peking University
  Beijing, China
 
  --
  Gleb.
 
 
 
 -- 
 Arthur Chunqi Li
 Department of Computer Science
 School of EECS
 Peking University
 Beijing, China

--
Gleb.


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread 李春奇
I mean that after adding unrestricted_guest=0 the error is reproduced.
Sorry for the confusing wording. I have submitted another patch for
x86/realmode.c.

On Wed, Jun 5, 2013 at 5:28 PM, Gleb Natapov g...@redhat.com wrote:
 On Wed, Jun 05, 2013 at 05:23:18PM +0800, 李春奇 Arthur Chunqi Li wrote:
 Yes, I load kvm-intel with unrestricted_guest=0 and the emulator runs
 well. I will give another test case in x86/realmode.c later.

 The test fails for me on CPU without unrestricted guest support. This
 means you either test on fixed kernel or unrestricted_guest=0 is broken.

 BTW, what is the action when a 64-bit instruction executes in
 x86/realmode.c? Should I add 64-bit insn tests only in x86/emulator.c?

 Yes, 64-bit or 32-bit instructions should be added to x86/emulator.c.

 On Wed, Jun 5, 2013 at 4:27 PM, Gleb Natapov g...@redhat.com wrote:
  On Wed, Jun 05, 2013 at 03:00:33PM +0800, 李春奇 Arthur Chunqi Li wrote:
  Yes, that should be the point. x86/realmode.c is always running in
  emulation mode. I added the testing here there but no error occurred. I
  cannot find the reason.
 
  The code is as follows added to x86/realmode.c
  static void test_nopl(void)
  {
  MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
  exec_in_big_real_mode(insn_nopl);
  report(nopl, 0, 1);
  }
 
  and I objdump from realmode.flat is as follows:
  6458 insn_code_nopl:
  6458:   0f 1f 00nopl   (%eax)
 
  But there cause no error when executing this insn. Why?
 
  Because you probably use cpu that supports unrestricted mode or use AMD
  processor. Can you try loading kvm-intel with unrestricted_guest=0
  option?
 
 
  On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:
 
   On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li wrote:
Add multibyte NOP test case to kvm-unit-tests. This case can test one
of bugs when booting RHEL5.9 64-bit.
   
   Adding the test to x86/realmode.c will be much easier.
  
Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
---
 x86/emulator.c |   33 +
 1 file changed, 33 insertions(+)
   
diff --git a/x86/emulator.c b/x86/emulator.c
index 96576e5..f26c70f 100644
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
 report(test, *mem == 0x8400);
 }
   
+static void test_nopl(uint64_t *mem, uint8_t *insn_page,
+   uint8_t *alt_insn_page, void *insn_ram)
+{
+ulong *cr3 = (ulong *)read_cr3();
+
+// Pad with RET instructions
+memset(insn_page, 0xc3, 4096);
+memset(alt_insn_page, 0xc3, 4096);
+// Place a trapping instruction in the page to trigger a VMEXIT
+insn_page[0] = 0x89; // mov %eax, (%rax)
+insn_page[1] = 0x00;
+insn_page[2] = 0x90; // nop
+// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
+alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
+alt_insn_page[1] = 0x1f;
+alt_insn_page[2] = 0x00;
+
+// Load the code TLB with insn_page, but point the page tables at
+// alt_insn_page (and keep the data TLB clear, for AMD decode
   assist).
+// This will make the CPU trap on the insn_page instruction but 
the
+// hypervisor will see alt_insn_page.
+install_page(cr3, virt_to_phys(insn_page), insn_ram);
+// Load code TLB
+invlpg(insn_ram);
+asm volatile(call *%0 : : r(insn_ram + 3));
+// Trap, let hypervisor emulate at alt_insn_page
+install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
+asm volatile(call *%0 : : r(insn_ram), a(mem));
+report(nopl, 1);
+}
+
 int main()
 {
  void *mem;
@@ -964,6 +995,8 @@ int main()
   
  test_string_io_mmio(mem);
   
+ test_nopl(mem, insn_page, alt_insn_page, insn_ram);
+
  printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
  return fails ? 1 : 0;
 }
--
1.7.9.5
  
   --
   Gleb.
  
 
 
 
  --
  Arthur Chunqi Li
  Department of Computer Science
  School of EECS
  Peking University
  Beijing, China
 
  --
  Gleb.



 --
 Arthur Chunqi Li
 Department of Computer Science
 School of EECS
 Peking University
 Beijing, China

 --
 Gleb.



-- 
Arthur Chunqi Li
Department of Computer Science
School of EECS
Peking University
Beijing, China


Re: [PATCH] Test case of multibyte NOP in emulation mode

2013-06-05 Thread Gleb Natapov
On Wed, Jun 05, 2013 at 05:46:31PM +0800, 李春奇 Arthur Chunqi Li wrote:
 I mean after adding unrestricted_guest=0, the error is reproduced.
Ah, OK. unrestricted_guest=0 works then :)

 Sorry for confused expression. I have committed another patch in
 x86/realmode.c.
 
 On Wed, Jun 5, 2013 at 5:28 PM, Gleb Natapov g...@redhat.com wrote:
  On Wed, Jun 05, 2013 at 05:23:18PM +0800, 李春奇 Arthur Chunqi Li wrote:
  Yes, I load kvm-intel with unrestricted_guest=0 and the emulator runs
  well. I will give another test case in x86/realmode.c later.
 
  The test fails for me on CPU without unrestricted guest support. This
  means you either test on fixed kernel or unrestricted_guest=0 is broken.
 
  BTW, what is the action when a 64-bit instruction executes in
  x86/realmode.c? Should I add 64-bit insn tests only in x86/emulator.c?
 
  Yes, 64-bit or 32-bit instructions should be added to x86/emulator.c.
 
  On Wed, Jun 5, 2013 at 4:27 PM, Gleb Natapov g...@redhat.com wrote:
   On Wed, Jun 05, 2013 at 03:00:33PM +0800, 李春奇 Arthur Chunqi Li wrote:
   Yes, that should be the point. x86/realmode.c is always running in
   emulation mode. I added the testing here there but no error occurred. I
   cannot find the reason.
  
   The code is as follows added to x86/realmode.c
   static void test_nopl(void)
   {
   MK_INSN(nopl, .byte 0x0f, 0x1f, 0x00\n\r);
   exec_in_big_real_mode(insn_nopl);
   report(nopl, 0, 1);
   }
  
   and I objdump from realmode.flat is as follows:
   6458 insn_code_nopl:
   6458:   0f 1f 00nopl   (%eax)
  
   But there cause no error when executing this insn. Why?
  
   Because you probably use cpu that supports unrestricted mode or use AMD
   processor. Can you try loading kvm-intel with unrestricted_guest=0
   option?
  
  
   On Wed, Jun 5, 2013 at 2:42 PM, Gleb Natapov g...@redhat.com wrote:
  
On Wed, Jun 05, 2013 at 10:16:46AM +0800, 李春奇 Arthur Chunqi Li 
wrote:
 Add multibyte NOP test case to kvm-unit-tests. This case can test 
 one
 of bugs when booting RHEL5.9 64-bit.

Adding the test to x86/realmode.c will be much easier.
   
 Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
 ---
  x86/emulator.c |   33 +
  1 file changed, 33 insertions(+)

 diff --git a/x86/emulator.c b/x86/emulator.c
 index 96576e5..f26c70f 100644
 --- a/x86/emulator.c
 +++ b/x86/emulator.c
 @@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
  report(test, *mem == 0x8400);
  }

 +static void test_nopl(uint64_t *mem, uint8_t *insn_page,
 +   uint8_t *alt_insn_page, void *insn_ram)
 +{
 +ulong *cr3 = (ulong *)read_cr3();
 +
 +// Pad with RET instructions
 +memset(insn_page, 0xc3, 4096);
 +memset(alt_insn_page, 0xc3, 4096);
 +// Place a trapping instruction in the page to trigger a VMEXIT
 +insn_page[0] = 0x89; // mov %eax, (%rax)
 +insn_page[1] = 0x00;
 +insn_page[2] = 0x90; // nop
 +// Place nopl 0x0(%eax) in alt_insn_page for emulator to 
 execuate
 +alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
 +alt_insn_page[1] = 0x1f;
 +alt_insn_page[2] = 0x00;
 +
 +// Load the code TLB with insn_page, but point the page tables 
 at
 +// alt_insn_page (and keep the data TLB clear, for AMD decode
assist).
 +// This will make the CPU trap on the insn_page instruction 
 but the
 +// hypervisor will see alt_insn_page.
 +install_page(cr3, virt_to_phys(insn_page), insn_ram);
 +// Load code TLB
 +invlpg(insn_ram);
 +asm volatile(call *%0 : : r(insn_ram + 3));
 +// Trap, let hypervisor emulate at alt_insn_page
 +install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
 +asm volatile(call *%0 : : r(insn_ram), a(mem));
 +report(nopl, 1);
 +}
 +
  int main()
  {
   void *mem;
 @@ -964,6 +995,8 @@ int main()

   test_string_io_mmio(mem);

 + test_nopl(mem, insn_page, alt_insn_page, insn_ram);
 +
   printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
   return fails ? 1 : 0;
  }
 --
 1.7.9.5
   
--
Gleb.
   
  
  
  
   --
   Arthur Chunqi Li
   Department of Computer Science
   School of EECS
   Peking University
   Beijing, China
  
   --
   Gleb.
 
 
 
  --
  Arthur Chunqi Li
  Department of Computer Science
  School of EECS
  Peking University
  Beijing, China
 
  --
  Gleb.
 
 
 
 -- 
 Arthur Chunqi Li
 Department of Computer Science
 School of EECS
 Peking University
 Beijing, China

--
Gleb.

[PATCH] Test case of multibyte NOP in emulation mode

2013-06-04 Thread 李春奇
Add a multibyte NOP test case to kvm-unit-tests. This case exercises one
of the bugs hit when booting RHEL5.9 64-bit.

Signed-off-by: Arthur Chunqi Li yzt...@gmail.com
---
 x86/emulator.c |   33 +
 1 file changed, 33 insertions(+)

diff --git a/x86/emulator.c b/x86/emulator.c
index 96576e5..f26c70f 100644
--- a/x86/emulator.c
+++ b/x86/emulator.c
@@ -901,6 +901,37 @@ static void test_simplealu(u32 *mem)
 report(test, *mem == 0x8400);
 }

+static void test_nopl(uint64_t *mem, uint8_t *insn_page,
+   uint8_t *alt_insn_page, void *insn_ram)
+{
+ulong *cr3 = (ulong *)read_cr3();
+
+// Pad with RET instructions
+memset(insn_page, 0xc3, 4096);
+memset(alt_insn_page, 0xc3, 4096);
+// Place a trapping instruction in the page to trigger a VMEXIT
+insn_page[0] = 0x89; // mov %eax, (%rax)
+insn_page[1] = 0x00;
+insn_page[2] = 0x90; // nop
+// Place nopl 0x0(%eax) in alt_insn_page for emulator to execuate
+alt_insn_page[0] = 0x0f; // nop DWORD ptr[EAX]
+alt_insn_page[1] = 0x1f;
+alt_insn_page[2] = 0x00;
+
+// Load the code TLB with insn_page, but point the page tables at
+// alt_insn_page (and keep the data TLB clear, for AMD decode assist).
+// This will make the CPU trap on the insn_page instruction but the
+// hypervisor will see alt_insn_page.
+install_page(cr3, virt_to_phys(insn_page), insn_ram);
+// Load code TLB
+invlpg(insn_ram);
+asm volatile(call *%0 : : r(insn_ram + 3));
+// Trap, let hypervisor emulate at alt_insn_page
+install_page(cr3, virt_to_phys(alt_insn_page), insn_ram);
+asm volatile(call *%0 : : r(insn_ram), a(mem));
+report(nopl, 1);
+}
+
 int main()
 {
  void *mem;
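Review bot: `report("nopl", 1)` at the end of test_nopl passes unconditionally, so the only way this case can signal the bug is the guest dying on an emulation error rather than a reported mismatch. The CPU traps on the `mov %eax,(%rax)` store with rax = mem, while the hypervisor is meant to execute the `nopl` it sees in alt_insn_page, so a correct emulator should leave `*mem` untouched; seeding it before the second call and checking afterwards makes the outcome observable, for example `*mem = 0x1234;` before the call and `report("nopl", *mem == 0x1234);` after it. This relies on `*mem` reading back what an emulated store would have written, which test_simplealu's `*mem == 0x8400` check in the context above suggests is the case for this mapping. The comment on the alt_insn_page line also has a typo, `execuate` for `execute`.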
@@ -964,6 +995,8 @@ int main()

  test_string_io_mmio(mem);

+ test_nopl(mem, insn_page, alt_insn_page, insn_ram);
+
  printf(\nSUMMARY: %d tests, %d failures\n, tests, fails);
  return fails ? 1 : 0;
 }
--
1.7.9.5