Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Marcelo Tosatti wrote:
> 1) add is storing the result in the wrong register
>
>     6486:  66 64 89 3e 72 01    mov    %edi,%fs:0x172
>     648c:  66 be 8d 03 00 00    mov    $0x38d,%esi
>     6492:  66 c1 e6 04          shl    $0x4,%esi
>     6496:  66 b8 98 0a 00 00    mov    $0xa98,%eax
>     649c:  66 03 f0             add    %eax,%esi
>
> The destination for the add is %esi, but the emulation stores the result in eax, because:
>
>     if ((c->d & ModRM) && c->modrm_mod == 3) {
>         u8 reg;
>
>         c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
>         c->dst.ptr = decode_register(c->modrm_rm, c->regs, c->d & ByteOp);
>     }
>
> modrm_reg contains 6, which is the correct register index, but modrm_rm contains 0, so the result is stored in eax (see hack).

What version are you looking at? Current code doesn't have exactly this.

But register-in-modrm decoding is a mess, yes. I think the best thing is to have decode_modrm() accept a struct operand parameter and decode into that.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
_______________________________________________
kvm-devel mailing list
kvm-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kvm-devel
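An added illustration, not code from the thread or from KVM's x86_emulate.c, of the decode that the quoted hack gets wrong: for the 0x03 form of add the ModRM reg field names the destination and rm the source, while the 0x01 form is the other way round. It decodes the thread's exact bytes `66 03 f0` into a caller-supplied `struct operand`, along the lines Avi suggests; the register values are constructed for the demo and the struct and function names are hypothetical.

```c
/* Added example (not KVM code): a minimal register-form ModRM decoder for
 * the two-operand ADD opcodes 0x01 and 0x03. Names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reg_idx { R_EAX, R_ECX, R_EDX, R_EBX, R_ESP, R_EBP, R_ESI, R_EDI, R_NUM };

/* A decoded register operand: which register and how wide it is. */
struct operand {
	int reg;	/* index into decode_ctx.regs */
	int bytes;	/* 2 or 4 here */
};

struct decode_ctx {
	uint32_t regs[R_NUM];
	int op_bytes;	/* effective operand size after prefixes */
	uint8_t opcode;
	uint8_t modrm_mod, modrm_reg, modrm_rm;
};

/* Split the ModRM byte: mod = bits 7:6, reg = bits 5:3, rm = bits 2:0.
 * For 0xf0 this gives mod=3, reg=6 (esi), rm=0 (eax). */
static void split_modrm(struct decode_ctx *c, uint8_t modrm)
{
	c->modrm_mod = modrm >> 6;
	c->modrm_reg = (modrm >> 3) & 7;
	c->modrm_rm = modrm & 7;
}

/* Decode one ModRM field into the operand the caller passes in. The caller
 * says which field it wants; nothing here assumes rm is the destination. */
static int decode_modrm_reg(const struct decode_ctx *c, int use_reg_field,
			    struct operand *op)
{
	if (c->modrm_mod != 3)
		return -1;	/* memory forms are out of scope here */
	op->reg = use_reg_field ? c->modrm_reg : c->modrm_rm;
	op->bytes = c->op_bytes;
	return 0;
}

/* Decode and execute ADD in its 0x01 (add r/m,r: rm is dst) or 0x03
 * (add r,r/m: reg is dst) form, in a 16-bit code segment where a 0x66
 * prefix selects 32-bit operands. Returns the destination register index,
 * or -1 if the bytes are not an ADD this example understands. */
static int emulate_add(struct decode_ctx *c, const uint8_t *insn, size_t len)
{
	struct operand dst, src;
	size_t i = 0;
	int direction;
	uint32_t result;

	c->op_bytes = 2;
	if (i < len && insn[i] == 0x66) {	/* operand-size override */
		c->op_bytes = 4;
		i++;
	}
	if (i + 2 > len)
		return -1;
	c->opcode = insn[i++];
	if (c->opcode != 0x01 && c->opcode != 0x03)
		return -1;
	split_modrm(c, insn[i++]);

	/* Opcode bit 1 is the direction bit: set means reg is the destination,
	 * the case the quoted hack gets wrong by always taking rm. */
	direction = (c->opcode >> 1) & 1;
	if (decode_modrm_reg(c, direction, &dst) < 0 ||
	    decode_modrm_reg(c, !direction, &src) < 0)
		return -1;

	result = c->regs[dst.reg] + c->regs[src.reg];
	if (dst.bytes == 2)	/* a 16-bit add leaves the upper half alone */
		result = (c->regs[dst.reg] & 0xffff0000u) | (result & 0xffffu);
	c->regs[dst.reg] = result;
	return dst.reg;
}

/* The thread's instruction, "66 03 f0  add %eax,%esi", run on register
 * values constructed to match the preceding mov/shl/mov in the listing.
 * Returns the destination register index the decoder chose. */
int run_thread_example(struct decode_ctx *c)
{
	static const uint8_t insn[] = { 0x66, 0x03, 0xf0 };

	memset(c, 0, sizeof(*c));
	c->regs[R_ESI] = 0x38d << 4;	/* 0x38d0 */
	c->regs[R_EAX] = 0xa98;
	return emulate_add(c, insn, sizeof(insn));
}

int main(void)
{
	struct decode_ctx c;
	int dst = run_thread_example(&c);

	printf("dst=%d esi=%#x eax=%#x\n", dst, c.regs[R_ESI], c.regs[R_EAX]);
	return 0;
}
```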
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Thu, 15 May 2008 10:33:38 +0300
Avi Kivity [EMAIL PROTECTED] wrote:

> Marcelo Tosatti wrote:
> > 1) add is storing the result in the wrong register
> >
> >     6486:  66 64 89 3e 72 01    mov    %edi,%fs:0x172
> >     648c:  66 be 8d 03 00 00    mov    $0x38d,%esi
> >     6492:  66 c1 e6 04          shl    $0x4,%esi
> >     6496:  66 b8 98 0a 00 00    mov    $0xa98,%eax
> >     649c:  66 03 f0             add    %eax,%esi
> >
> > The destination for the add is %esi, but the emulation stores the result in eax, because:
> >
> >     if ((c->d & ModRM) && c->modrm_mod == 3) {
> >         u8 reg;
> >
> >         c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
> >         c->dst.ptr = decode_register(c->modrm_rm, c->regs, c->d & ByteOp);
> >     }
> >
> > modrm_reg contains 6, which is the correct register index, but modrm_rm contains 0, so the result is stored in eax (see hack).
>
> What version are you looking at? Current code doesn't have exactly this.

It's in my patch. I added this because in gfxboot code there is an instruction add %eax,%esp that needs to be emulated, and with the normal path, if I remember well, we have c->dst.bytes == 0 and thus the emulate_2op_SrcV() function just does nothing.

Regards,
Guillaume
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Wed, May 14, 2008 at 10:29 AM, Guillaume Thouvenin [EMAIL PROTECTED] wrote:
> On Tue, 6 May 2008 20:05:39 +0300
> Mohammed Gamal [EMAIL PROTECTED] wrote:
>
> > WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.
>
> Mohammed, can you try the patch at the end of this mail? Here it's working with FreeDOS now (I added the emulation of 0x90 that is an xchg instruction). I can also boot winXP Professional X64 edition.
>
> I still have a weird issue with Ubuntu 7.10 that crashes sometimes with the error:
>
>     kvm_run: failed entry, reason 5
>     kvm_run returned -8
>
> It's a little bit strange because this error appears very often with the wmii window manager but never with XFCE. And with wmii, it only occurs when I move the mouse above the Qemu/KVM window. If I wait 30s until the automatic boot it works...
>
> So to give a summary, on my box:
>
>     OpenSuse 10.3  - OK
>     WinXP Pro X64  - OK
>     FreeDOS        - OK
>     Ubuntu 7.10    - NOK
>
> Regards,
> Guillaume

Hi Guillaume,

I still haven't applied the patch you sent now. However I'm using the patch you last sent me (it's attached in case anyone wants to have a look). I'm having the same problem with Ubuntu 7.10 Live CD under GNOME.

Regarding WinXP, I'm using 32-bit WinXP Pro and it crashes with this error:

    unhandled vm exit: 0x21 vcpu_id 0
    rax 0011 rbx 14fc rcx rdx 534d rsi 1d68 rdi 0008164f
    rsp 14fa rbp 1522
    r8 r9 r10 r11
    r12 r13 r14 r15
    rip 0269 rflags 00010006
    cs 2000 (0002/ p 1 dpl 0 db 0 s 1 type b l 0 g 0 avl 0)
    ds 22f3 (00022f30/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    es (/ p 1 dpl 0 db 0 s 1 type 3 l 0 g 0 avl 0)
    ss 22f3 (00022f30/ p 1 dpl 0 db 0 s 1 type 3 l 0 g 0 avl 0)
    fs 0030 (0300/ p 1 dpl 0 db 0 s 1 type 3 l 0 g 0 avl 0)
    gs (/ p 1 dpl 0 db 0 s 1 type 3 l 0 g 0 avl 0)
    tr (/ p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
    ldt (/ p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
    gdt 17000/3ff
    idt 17400/7ff
    cr0 11 cr2 0 cr3 0 cr4 0 cr8 0
    efer 0
    Aborted

and dmesg outputs this:

    emulation failed (vmentry failure) rip 269 68 6d 02 cb

The output is the same on every run. I'll give this patch (and Marcelo's) a try and report on what happens.

Attachment: real_mode_support_20080605.patch (application/mbox)
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Tue, 6 May 2008 20:05:39 +0300
Mohammed Gamal [EMAIL PROTECTED] wrote:

> WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.

Mohammed, can you try the patch at the end of this mail? Here it's working with FreeDOS now (I added the emulation of 0x90 that is an xchg instruction). I can also boot winXP Professional X64 edition.

I still have a weird issue with Ubuntu 7.10 that crashes sometimes with the error:

    kvm_run: failed entry, reason 5
    kvm_run returned -8

It's a little bit strange because this error appears very often with the wmii window manager but never with XFCE. And with wmii, it only occurs when I move the mouse above the Qemu/KVM window. If I wait 30s until the automatic boot it works...

So to give a summary, on my box:

    OpenSuse 10.3  - OK
    WinXP Pro X64  - OK
    FreeDOS        - OK
    Ubuntu 7.10    - NOK

Regards,
Guillaume

---
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e94a8c3..efde223 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1287,7 +1287,9 @@ static void enter_pmode(struct kvm_vcpu *vcpu) fix_pmode_dataseg(VCPU_SREG_GS, vcpu-arch.rmode.gs); fix_pmode_dataseg(VCPU_SREG_FS, vcpu-arch.rmode.fs); +#if 0 vmcs_write16(GUEST_SS_SELECTOR, 0); +#endif vmcs_write32(GUEST_SS_AR_BYTES, 0x93); vmcs_write16(GUEST_CS_SELECTOR,
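Review bot: in the enter_pmode() hunk, disabling `vmcs_write16(GUEST_SS_SELECTOR, 0);` while the line after it still forces `GUEST_SS_AR_BYTES` to 0x93 means the guest's real-mode SS selector, whose low two bits may well be 3, is now entered alongside DPL-0 access rights; since the invalid_guest_state() handler added later in this patch relies on exactly that `(ss & 3) != (cs & 3)` mismatch to decide to emulate, say so in a comment at this spot, and delete the line rather than leave it under `#if 0`.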
@@ -2648,6 +2650,73 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) return 1; } +static int invalid_guest_state(struct kvm_vcpu *vcpu, + struct kvm_run *kvm_run, u32 failure_reason) +{ + u16 ss, cs; + u8 opcodes[4]; + unsigned long rip = vcpu-arch.rip; + unsigned long rip_linear; + + ss = vmcs_read16(GUEST_SS_SELECTOR); + cs = vmcs_read16(GUEST_CS_SELECTOR); + + if ((ss 0x03) != (cs 0x03)) { + int err; + rip_linear = rip + vmx_get_segment_base(vcpu, VCPU_SREG_CS); + emulator_read_std(rip_linear, (void *)opcodes, 4, vcpu); +#if 0 + printk(KERN_INFO emulation at (%lx) rip %lx: %02x %02x %02x %02x\n, + rip_linear, + rip, opcodes[0], opcodes[1], opcodes[2], opcodes[3]); +#endif + err = emulate_instruction(vcpu, kvm_run, 0, 0, 0); + switch (err) { + case EMULATE_DONE: +#if 0 + printk(KERN_INFO successfully emulated instruction\n); +#endif + return 1; + case EMULATE_DO_MMIO: + printk(KERN_INFO mmio?\n); + return 0; + default: + kvm_report_emulation_failure(vcpu, vmentry failure); + break; + } + } + + kvm_run-exit_reason = KVM_EXIT_UNKNOWN; + kvm_run-hw.hardware_exit_reason = failure_reason; + return 0; +} + +static int handle_vmentry_failure(struct kvm_vcpu *vcpu, + struct kvm_run *kvm_run, + u32 failure_reason) +{ + unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); +#if 0 + printk(KERN_INFO Failed vm entry (exit reason 0x%x) , failure_reason); +#endif + switch (failure_reason) { + case EXIT_REASON_INVALID_GUEST_STATE: +#if 0 + printk(invalid guest state \n); +#endif + return invalid_guest_state(vcpu, kvm_run, failure_reason); + case EXIT_REASON_MSR_LOADING: + printk(caused by MSR entry %ld loading.\n, exit_qualification); + break; + case EXIT_REASON_MACHINE_CHECK: + printk(caused by machine check.\n); + break; + default: + printk(reason not known yet!\n); + break; + } + return 0; +} /* * The exit handlers return 1 if the exit was handled fully and guest execution * may resume. 
Otherwise they set the kvm_run parameter to indicate what needs @@ -2709,6 +2778,12 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu) exit_reason != EXIT_REASON_EPT_VIOLATION)) printk(KERN_WARNING %s: unexpected, valid vectoring info and exit reason is 0x%x\n, __func__, exit_reason); + + if ((exit_reason VMX_EXIT_REASONS_FAILED_VMENTRY)) { + exit_reason = ~VMX_EXIT_REASONS_FAILED_VMENTRY; + return handle_vmentry_failure(vcpu, kvm_run, exit_reason); + } + if (exit_reason kvm_vmx_max_exit_handlers kvm_vmx_exit_handlers[exit_reason]) return kvm_vmx_exit_handlers[exit_reason](vcpu,
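Review bot: in invalid_guest_state(), the return value of `emulator_read_std()` is ignored and `opcodes[]` is only consumed inside an `#if 0` block, so either check the read or drop the fetch together with the disabled printks; the `printk(KERN_INFO "mmio?\n")` in the `EMULATE_DO_MMIO` case is debugging output on a path an instruction touching an MMIO address can legitimately take and should go too. In the kvm_handle_exit() hunk, the new `VMX_EXIT_REASONS_FAILED_VMENTRY` test sits after the "unexpected, valid vectoring info" warning, which compares `exit_reason` against `EXIT_REASON_EPT_VIOLATION` while the failed-entry bit is still set, so a failed entry matches neither constant and can trip the warning; move the test above that block, and drop the doubled parentheses in `if ((exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY))`.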
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Hi Guillaume,

On Wed, May 14, 2008 at 09:29:11AM +0200, Guillaume Thouvenin wrote:
> On Tue, 6 May 2008 20:05:39 +0300
> Mohammed Gamal [EMAIL PROTECTED] wrote:
>
> > WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.
>
> Mohammed, can you try the patch at the end of this mail? Here it's working with FreeDOS now (I added the emulation of 0x90 that is an xchg instruction). I can also boot winXP Professional X64 edition.
>
> I still have a weird issue with Ubuntu 7.10 that crashes sometimes with the error:
>
>     kvm_run: failed entry, reason 5
>     kvm_run returned -8
>
> It's a little bit strange because this error appears very often with the wmii window manager but never with XFCE. And with wmii, it only occurs when I move the mouse above the Qemu/KVM window. If I wait 30s until the automatic boot it works...

This appears to be due to the vmport save/load bug:

https://bugs.launchpad.net/ubuntu/+source/kvm/+bug/219165

I'll look into it if nobody beats me to it.

Regarding FreeDOS, it is necessary to emulate software interrupts and NOP to get the HIMEM XMS-memory driver version to boot (with the FreeOSZOO image). The maximum RAM free, using EMM86 version is more complicated, requiring ldt, ltr and a few other things.

There are two problems remaining:

1) add is storing the result in the wrong register

    6486:  66 64 89 3e 72 01    mov    %edi,%fs:0x172
    648c:  66 be 8d 03 00 00    mov    $0x38d,%esi
    6492:  66 c1 e6 04          shl    $0x4,%esi
    6496:  66 b8 98 0a 00 00    mov    $0xa98,%eax
    649c:  66 03 f0             add    %eax,%esi

The destination for the add is %esi, but the emulation stores the result in eax, because:

    if ((c->d & ModRM) && c->modrm_mod == 3) {
        u8 reg;

        c->dst.bytes = (c->d & ByteOp) ? 1 : c->op_bytes;
        c->dst.ptr = decode_register(c->modrm_rm, c->regs, c->d & ByteOp);
    }

modrm_reg contains 6, which is the correct register index, but modrm_rm contains 0, so the result is stored in eax (see hack).
2) iretl generates pagefaults

    1226df:  0f 06                clts
    1226e1:  b8 14 00             mov    $0x14,%ax
    1226e4:  8e e0                mov    %ax,%fs
    1226e6:  66 64 a1 50 01       mov    %fs:0x150,%eax
    1226eb:  0f 22 d8             mov    %eax,%cr3
    1226ee:  0f 20 c0             mov    %cr0,%eax
    1226f1:  66 0d 00 00 00 80    or     $0x80000000,%eax
    1226f7:  0f 22 c0             mov    %eax,%cr0
    1226fa:  66 cf                iretl

The iretl which happens after enabling paging faults in different ways:

    kvm_inject_page_fault: EIP=1226fa
    kvm_inject_page_fault: ADDR=1226fa
    kvm_inject_page_fault: EIP=1226fa
    kvm_inject_page_fault: ADDR=1237d1
    kvm: inject_page_fault: double fault 0x1237d1

Index: kvm.tip/arch/x86/kvm/vmx.c
===
--- kvm.tip.orig/arch/x86/kvm/vmx.c
+++ kvm.tip/arch/x86/kvm/vmx.c
@@ -194,6 +194,12 @@ static inline int is_external_interrupt( == (INTR_TYPE_EXT_INTR | INTR_INFO_VALID_MASK); } +static inline int is_software_interrupt(u32 intr_info) +{ + return (intr_info (INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK)) + == (INTR_TYPE_SOFT_INTR | INTR_INFO_VALID_MASK); +} + static inline int cpu_has_vmx_msr_bitmap(void) { return (vmcs_config.cpu_based_exec_ctrl CPU_BASED_USE_MSR_BITMAPS); @@ -2190,8 +2196,10 @@ static void kvm_guest_debug_pre(struct k } static int handle_rmode_exception(struct kvm_vcpu *vcpu, - int vec, u32 err_code) + u32 intr_info, u32 err_code) { + int vec = intr_info INTR_INFO_VECTOR_MASK; + if (!vcpu-arch.rmode.active) return 0; @@ -2202,6 +2210,10 @@ static int handle_rmode_exception(struct if (((vec == GP_VECTOR) || (vec == SS_VECTOR)) err_code == 0) if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE) return 1; + if (is_software_interrupt(intr_info) err_code == 0) { + if (emulate_instruction(vcpu, NULL, 0, 0, 0) == EMULATE_DONE) + return 1; + } return 0; }
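Review bot: in the handle_rmode_exception() hunk the new software-interrupt branch duplicates the body of the GP/SS branch directly above it; fold it into that condition, e.g. `if (((vec == GP_VECTOR) || (vec == SS_VECTOR) || is_software_interrupt(intr_info)) && err_code == 0)`, so there is a single emulation path to maintain. The `err_code == 0` part of the new test is also redundant for a software interrupt, which never delivers an error code, so if it is meant as a guard a comment should say against what.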
@@ -2257,8 +2269,7 @@ static int handle_exception(struct kvm_v } if (vcpu-arch.rmode.active - handle_rmode_exception(vcpu, intr_info INTR_INFO_VECTOR_MASK, - error_code)) { + handle_rmode_exception(vcpu, intr_info, error_code)) { if (vcpu-arch.halt_request) { vcpu-arch.halt_request = 0; return kvm_emulate_halt(vcpu); Index: kvm.tip/arch/x86/kvm/x86.c
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Mon, 5 May 2008 16:29:21 +0300
Mohammed Gamal [EMAIL PROTECTED] wrote:

> On Mon, May 5, 2008 at 3:57 PM, Anthony Liguori [EMAIL PROTECTED] wrote:
> > WinXP fails to boot with your patch applied too.
> >
> > FWIW, Ubuntu 8.04 has a fixed version of gfxboot that doesn't do nasty things with SS on privileged mode transitions.
>
> WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.

Can you try with this one please? On my computer it boots ubuntu-8.04-desktop-i386.iso liveCD and also openSUSE-10.3-GM-x86_64-mini.iso

I will try FreeDOS and WinXP if I can find one ;)

Regards,
Guillaume

---
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 26c4f02..6e76c2e 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1272,7 +1272,9 @@ static void enter_pmode(struct kvm_vcpu *vcpu) fix_pmode_dataseg(VCPU_SREG_GS, vcpu-arch.rmode.gs); fix_pmode_dataseg(VCPU_SREG_FS, vcpu-arch.rmode.fs); +#if 0 vmcs_write16(GUEST_SS_SELECTOR, 0); +#endif vmcs_write32(GUEST_SS_AR_BYTES, 0x93); vmcs_write16(GUEST_CS_SELECTOR,
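Review bot: the enter_pmode() hunk leaves the old `vmcs_write16(GUEST_SS_SELECTOR, 0);` in place under `#if 0` and says nothing about why the write is being dropped; since keeping the real-mode SS selector across the transition is what later makes VM entry fail with an invalid guest state that handle_vmentry_failure() then emulates through, that intent belongs in a comment here, and the dead line should be removed rather than kept as disabled code.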
@@ -2633,6 +2635,73 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run) return 1; } +static int invalid_guest_state(struct kvm_vcpu *vcpu, + struct kvm_run *kvm_run, u32 failure_reason) +{ + u16 ss, cs; + u8 opcodes[4]; + unsigned long rip = vcpu-arch.rip; + unsigned long rip_linear; + + ss = vmcs_read16(GUEST_SS_SELECTOR); + cs = vmcs_read16(GUEST_CS_SELECTOR); + + if ((ss 0x03) != (cs 0x03)) { + int err; + rip_linear = rip + vmx_get_segment_base(vcpu, VCPU_SREG_CS); + emulator_read_std(rip_linear, (void *)opcodes, 4, vcpu); +#if 0 + printk(KERN_INFO emulation at (%lx) rip %lx: %02x %02x %02x %02x\n, + rip_linear, + rip, opcodes[0], opcodes[1], opcodes[2], opcodes[3]); +#endif + err = emulate_instruction(vcpu, kvm_run, 0, 0, 0); + switch (err) { + case EMULATE_DONE: +#if 0 + printk(KERN_INFO successfully emulated instruction\n); +#endif + return 1; + case EMULATE_DO_MMIO: + printk(KERN_INFO mmio?\n); + return 0; + default: + kvm_report_emulation_failure(vcpu, vmentry failure); + break; + } + } + + kvm_run-exit_reason = KVM_EXIT_UNKNOWN; + kvm_run-hw.hardware_exit_reason = failure_reason; + return 0; +} + +static int handle_vmentry_failure(struct kvm_vcpu *vcpu, + struct kvm_run *kvm_run, + u32 failure_reason) +{ + unsigned long exit_qualification = vmcs_readl(EXIT_QUALIFICATION); +#if 0 + printk(KERN_INFO Failed vm entry (exit reason 0x%x) , failure_reason); +#endif + switch (failure_reason) { + case EXIT_REASON_INVALID_GUEST_STATE: +#if 0 + printk(invalid guest state \n); +#endif + return invalid_guest_state(vcpu, kvm_run, failure_reason); + case EXIT_REASON_MSR_LOADING: + printk(caused by MSR entry %ld loading.\n, exit_qualification); + break; + case EXIT_REASON_MACHINE_CHECK: + printk(caused by machine check.\n); + break; + default: + printk(reason not known yet!\n); + break; + } + return 0; +} /* * The exit handlers return 1 if the exit was handled fully and guest execution * may resume. 
Otherwise they set the kvm_run parameter to indicate what needs @@ -2694,6 +2763,12 @@ static int kvm_handle_exit(struct kvm_run *kvm_run, struct kvm_vcpu *vcpu) exit_reason != EXIT_REASON_EPT_VIOLATION)) printk(KERN_WARNING %s: unexpected, valid vectoring info and exit reason is 0x%x\n, __func__, exit_reason); + + if ((exit_reason VMX_EXIT_REASONS_FAILED_VMENTRY)) { + exit_reason = ~VMX_EXIT_REASONS_FAILED_VMENTRY; + return handle_vmentry_failure(vcpu, kvm_run, exit_reason); + } + if (exit_reason kvm_vmx_max_exit_handlers kvm_vmx_exit_handlers[exit_reason]) return kvm_vmx_exit_handlers[exit_reason](vcpu, kvm_run); diff --git a/arch/x86/kvm/vmx.h b/arch/x86/kvm/vmx.h index 79d94c6..2cebf48 100644 --- a/arch/x86/kvm/vmx.h +++ b/arch/x86/kvm/vmx.h @@ -238,7 +238,10 @@ enum vmcs_field { #define EXIT_REASON_IO_INSTRUCTION 30 #define EXIT_REASON_MSR_READ31 #define
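Review bot: in handle_vmentry_failure(), `printk("caused by MSR entry %ld loading.\n", exit_qualification)` formats an `unsigned long` with `%ld` and, like the other messages in this function, carries no KERN_ log level; use `%lu` and a level. In invalid_guest_state(), when emulation fails the `default:` case reports the failure and then reaches the `KVM_EXIT_UNKNOWN` path with the raw VMX reason in `hw.hardware_exit_reason`; the `kvm_run: failed entry, reason 5` message quoted elsewhere in this thread is userspace reporting a KVM_EXIT_FAIL_ENTRY exit, so reporting the unhandled cases here the same way, through `fail_entry.hardware_entry_failure_reason`, would give one failure path instead of two. The vmx.h hunk is cut off in this copy after `EXIT_REASON_MSR_READ`, so the new `EXIT_REASON_INVALID_GUEST_STATE`, `EXIT_REASON_MSR_LOADING` and `EXIT_REASON_MACHINE_CHECK` values used in vmx.c cannot be checked here.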
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Guillaume Thouvenin wrote:
> On Mon, 5 May 2008 16:29:21 +0300
> Mohammed Gamal [EMAIL PROTECTED] wrote:
>
> > On Mon, May 5, 2008 at 3:57 PM, Anthony Liguori [EMAIL PROTECTED] wrote:
> > > WinXP fails to boot with your patch applied too.
> > >
> > > FWIW, Ubuntu 8.04 has a fixed version of gfxboot that doesn't do nasty things with SS on privileged mode transitions.
> >
> > WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.
>
> Can you try with this one please? On my computer it boots ubuntu-8.04-desktop-i386.iso liveCD and also openSUSE-10.3-GM-x86_64-mini.iso

8.04 is not a good test-case. 7.10 is what you want to try.

The good news is, 7.10 appears to work! The bad news is that about 20% of the time, it crashes and displays the following:

    kvm_run: failed entry, reason 5
    kvm_run returned -8

So something appears to be a bit buggy. Still, very good work!

Regards,

Anthony Liguori

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
kvm-devel mailing list
kvm-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kvm-devel
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Tue, May 6, 2008 at 5:30 PM, Anthony Liguori [EMAIL PROTECTED] wrote:
> Guillaume Thouvenin wrote:
> > On Mon, 5 May 2008 16:29:21 +0300
> > Mohammed Gamal [EMAIL PROTECTED] wrote:
> >
> > > On Mon, May 5, 2008 at 3:57 PM, Anthony Liguori [EMAIL PROTECTED] wrote:
> > > > WinXP fails to boot with your patch applied too.
> > > >
> > > > FWIW, Ubuntu 8.04 has a fixed version of gfxboot that doesn't do nasty things with SS on privileged mode transitions.
> > >
> > > WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.
> >
> > Can you try with this one please? On my computer it boots ubuntu-8.04-desktop-i386.iso liveCD and also openSUSE-10.3-GM-x86_64-mini.iso
>
> 8.04 is not a good test-case. 7.10 is what you want to try.
>
> The good news is, 7.10 appears to work! The bad news is that about 20% of the time, it crashes and displays the following:
>
>     kvm_run: failed entry, reason 5
>     kvm_run returned -8
>
> So something appears to be a bit buggy. Still, very good work!
>
> Regards,
>
> Anthony Liguori

7.10 liveCD doesn't work with me at all. It only works with -no-kvm
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Tue, 06 May 2008 09:30:44 -0500
Anthony Liguori [EMAIL PROTECTED] wrote:

> 8.04 is not a good test-case. 7.10 is what you want to try.

Oh yes you're right. I tried 8.04 because Balaji had problems to boot it with the patch.

> The good news is, 7.10 appears to work! The bad news is that about 20% of the time, it crashes and displays the following:
>
>     kvm_run: failed entry, reason 5
>     kvm_run returned -8
>
> So something appears to be a bit buggy. Still, very good work!

I can see the problem with openSuse10.3 too but not so often. I'm looking for this issue.

Thank you for the help,

Regards,
Guillaume
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Thu, 1 May 2008 16:13:31 -0300
Marcelo Tosatti [EMAIL PROTECTED] wrote:

> The code sequence is:
>
>     8235:  66                      data16
>     8236:  0f 22 c0                mov    %eax,%cr0
>     8239:  ea 3e 02 00 08 b8 00    ljmp   $0xb8,$0x800023e
>
> So it switches to realmode and then does a ljmp. Problem is that you're using the segment selector as a GDT index, but in realmode it should be shifted left by 4 to determine the segment base address.
>
> Following patch makes Plan9 happy.
>
> Other than that, load_segment_descriptor() can return a positive error on failure, should do a proper check.
>
> Index: kvm/arch/x86/kvm/x86_emulate.c
> ===
> --- kvm.orig/arch/x86/kvm/x86_emulate.c
> +++ kvm/arch/x86/kvm/x86_emulate.c
> @@ -1755,7 +1755,10 @@ special_insn: goto cannot_emulate; } sel = insn_fetch(u16, 2, c-eip); - if (load_segment_descriptor(ctxt-vcpu, sel, 9, VCPU_SREG_CS) 0) { + if (ctxt-mode == X86EMUL_MODE_REAL) + eip |= (sel 4); + else if (load_segment_descriptor(ctxt-vcpu, sel, 9, + VCPU_SREG_CS) 0) { DPRINTF(jmp far: Failed to load CS descriptor\n); goto cannot_emulate; }

Thank you Marcelo for the report. Unfortunately it is not the same problem I'm seeing. The problem I have now is that I can boot until the gfxboot screen but when I choose to install openSuse it generates a kernel panic like this:

    [EMAIL PROTECTED]/local/kvm-userspace.git/bin]$ ./qemu-system-x86_64 -hda ~/disk_images/hd_50G.qcow2 -cdrom /images_iso/openSUSE-10.3-GM-x86_64-mini.iso -boot d -s -m 1024 -serial stdio
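Marcelo's point about the ljmp, quoted above, as an added example that is not part of the thread or of KVM: in real mode the CS base is the selector shifted left by 4, while in protected mode the selector indexes a descriptor table. The GDT contents and the function names are constructed for the illustration, and the example also shows why a descriptor load that reports positive errors must be tested with != 0.

```c
/* Added example (not KVM code): how the target of a far jump (opcode 0xea)
 * resolves in real mode versus protected mode. Descriptor layout follows the
 * x86 GDT format; the table contents and helper names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cpu_mode { MODE_REAL, MODE_PROT32 };

struct gdt_entry {
	uint8_t b[8];	/* one 8-byte descriptor as the CPU lays it out */
};

/* The 32-bit segment base is spread over descriptor bytes 2, 3, 4 and 7. */
static uint32_t desc_base(const struct gdt_entry *d)
{
	return (uint32_t)d->b[2] | ((uint32_t)d->b[3] << 8) |
	       ((uint32_t)d->b[4] << 16) | ((uint32_t)d->b[7] << 24);
}

static int desc_present(const struct gdt_entry *d)
{
	return (d->b[5] & 0x80) != 0;	/* P bit of the access byte */
}

/* Resolve the CS base for selector sel. Returns 0 on success and a positive
 * error code otherwise, so callers must test for != 0 rather than < 0. */
static int load_cs_base(enum cpu_mode mode, uint16_t sel,
			const struct gdt_entry *gdt, size_t gdt_entries,
			uint32_t *cs_base)
{
	size_t index;

	if (mode == MODE_REAL) {
		/* Real mode: the selector is a paragraph number, not a GDT index. */
		*cs_base = (uint32_t)sel << 4;
		return 0;
	}
	if (sel & 0x4)
		return 1;	/* TI bit set: LDT selectors not handled here */
	index = sel >> 3;
	if (index == 0 || index >= gdt_entries)
		return 2;	/* null selector or beyond the GDT limit */
	if (!desc_present(&gdt[index]))
		return 3;
	*cs_base = desc_base(&gdt[index]);
	return 0;
}

/* Linear address a far jump lands on: CS base plus the instruction's offset.
 * Returns 0 on success or the load_cs_base() error. Note the addition: an OR
 * of base and offset is only equivalent when no bits overlap. */
int far_jump_target(enum cpu_mode mode, uint16_t sel, uint32_t off,
		    const struct gdt_entry *gdt, size_t gdt_entries,
		    uint32_t *linear)
{
	uint32_t base;
	int err = load_cs_base(mode, sel, gdt, gdt_entries, &base);

	if (err != 0)
		return err;
	*linear = base + off;
	return 0;
}

/* Constructed GDT: entry 0 is the mandatory null descriptor, entry 1 a
 * present 32-bit code segment (access 0x9a) with base 0x00100000. */
static const struct gdt_entry demo_gdt[] = {
	{ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
	{ { 0xff, 0xff, 0x00, 0x00, 0x10, 0x9a, 0xcf, 0x00 } },
};

int main(void)
{
	uint32_t target = 0;
	int err;

	/* The thread's "ljmp $0xb8,$0x800023e" after the switch to real mode:
	 * base 0xb80 + 0x800023e = 0x8000dbe (an OR would give 0x8000bbe). */
	err = far_jump_target(MODE_REAL, 0xb8, 0x800023e, NULL, 0, &target);
	printf("real mode:  err=%d target=%#x\n", err, target);

	/* The same selector as a GDT index (0xb8 >> 3 = 23) is beyond the
	 * two-entry table, so in protected mode the load fails. */
	err = far_jump_target(MODE_PROT32, 0xb8, 0x800023e, demo_gdt, 2, &target);
	printf("protected:  err=%d\n", err);

	/* Selector 0x08 = index 1, RPL 0: resolves through the descriptor. */
	err = far_jump_target(MODE_PROT32, 0x08, 0x23e, demo_gdt, 2, &target);
	printf("protected:  err=%d target=%#x\n", err, target);
	return 0;
}
```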
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Sat, 3 May 2008 13:56:56 +0530
Balaji Rao [EMAIL PROTECTED] wrote:

> With your patch applied ubuntu 8.04 livecd fails to boot. Not any better with Marcelo's patch on top.

Hi Balaji,

And without the patch, can you boot the ubuntu 8.04 livecd?

Regards,
Guillaume
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Monday 05 May 2008 06:10:08 pm Guillaume Thouvenin wrote:
> On Sat, 3 May 2008 13:56:56 +0530
> Balaji Rao [EMAIL PROTECTED] wrote:
>
> > With your patch applied ubuntu 8.04 livecd fails to boot. Not any better with Marcelo's patch on top.
>
> Hi Balaji,
>
> And without the patch, can you boot the ubuntu 8.04 livecd?

Yes, I can. :)

> Regards,
> Guillaume

-- 
Warm Regards,
Balaji Rao
Dept. of Mechanical Engineering
NITK
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Guillaume Thouvenin wrote:
> On Sat, 3 May 2008 13:56:56 +0530
> Balaji Rao [EMAIL PROTECTED] wrote:
>
> > With your patch applied ubuntu 8.04 livecd fails to boot. Not any better with Marcelo's patch on top.
>
> Hi Balaji,
>
> And without the patch, can you boot the ubuntu 8.04 livecd?

WinXP fails to boot with your patch applied too.

FWIW, Ubuntu 8.04 has a fixed version of gfxboot that doesn't do nasty things with SS on privileged mode transitions.

Regards,

Anthony Liguori

> Regards,
> Guillaume
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Mon, May 5, 2008 at 3:57 PM, Anthony Liguori [EMAIL PROTECTED] wrote:
> WinXP fails to boot with your patch applied too.
>
> FWIW, Ubuntu 8.04 has a fixed version of gfxboot that doesn't do nasty things with SS on privileged mode transitions.

WinXP fails with the patch applied too. Ubuntu 7.10 live CD and FreeDOS don't boot but complain about instruction mov 0x11,sreg not being emulated.
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Friday 02 May 2008 12:43:31 am Marcelo Tosatti wrote:
> Hi Guillaume,

With your patch applied ubuntu 8.04 livecd fails to boot. Not any better with Marcelo's patch on top.

    exception 13 (33)
    rax 007f rbx 0080 rcx rdx rsi 0005a81c rdi 0005a820
    rsp fffa97cc rbp 200c
    r8 r9 r10 r11
    r12 r13 r14 r15
    rip b02c rflags 00033882
    cs 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    ds (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    es 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    ss 5881 (00058810/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    fs 3002 (00030020/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    gs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    tr (fffbd000/2088 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
    ldt (/ p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
    gdt 40920/47
    idt 0/
    cr0 10 cr2 0 cr3 0 cr4 0 cr8 0
    efer 0
    code: 10 28 6d 01 28 1e 01 28 6d 01 28 1f 01 28 6d 01 28 73 01 17 --> 0f 28 6d 01 28 74 01 17 0f 17 3b 28 6d 01 28 75 01 17 0f 28 6d 01 28 76 01 17 0f 11 1c 17
    Aborted

-- 
Warm Regards,
Balaji Rao
Dept. of Mechanical Engineering
NITK
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Hi Guillaume,

On Tue, Apr 29, 2008 at 03:02:36PM +0200, Guillaume Thouvenin wrote:
> Hello,

<snip>

> -hda ~/disk_images/hd_50G.qcow2 -cdrom /images_iso/openSUSE-10.3-GM-x86_64-mini.iso -boot d -s -m 1024
>
>     exception 13 (33)
>     rax 0673 rbx 0080 rcx rdx 13ca rsi 00055e1c rdi 00055e1d
>     rsp fffa0080 rbp 200b
>     r8 r9 r10 r11
>     r12 r13 r14 r15
>     rip b071 rflags 00033092
>     cs 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     ds 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     es 00ff (0ff0/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     ss ff11 (000ff110/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     fs 3002 (00030020/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     gs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>     tr (fffbd000/2088 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
>     ldt (/ p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
>     gdt 40920/47
>     idt 0/
>     cr0 10 cr2 0 cr3 0 cr4 0 cr8 0
>     efer 0
>     code: 17 06 29 4b 01 18 eb 18 a8 25 aa 19 28 4c 01 28 4d 01 01 17 --> 0f 17 0f 01 17 0f 17 12 01 17 2c 25 4b 19 21 00 02 17 1a 94 0a 76 67 61 3d 30 78 25 78 20
>     Aborted
>
> It's strange because handle_vmentry_failure() is not called.
> I'm trying to see where the problem is, any comments are welcome

Not sure if this is the same problem you're seeing, but with your patch Plan9 triggers:

    exception 13 (6b)
    rax 00010010 rbx 0001 rcx f0012000 rdx 00a1 rsi f0101000 rdi f0009000
    rsp 7bfc rbp f0001320
    r8 r9 r10 r11
    r12 r13 r14 r15
    rip 023e rflags 00033002
    cs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    ds (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    es (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    ss (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    fs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    gs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
    tr (fffbd000/2088 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
    ldt (/ p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
    gdt 14000/4f
    idt 0/3ff
    cr0 10010 cr2 0 cr3 12000 cr4 d0 cr8 0
    efer 0
    code: 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff --> 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0 53 ff 00 f0

The code sequence is:

    8235:  66                      data16
    8236:  0f 22 c0                mov    %eax,%cr0
    8239:  ea 3e 02 00 08 b8 00    ljmp   $0xb8,$0x800023e

So it switches to realmode and then does a ljmp. Problem is that you're using the segment selector as a GDT index, but in realmode it should be shifted left by 4 to determine the segment base address.

Following patch makes Plan9 happy.

Other than that, load_segment_descriptor() can return a positive error on failure, should do a proper check.

Index: kvm/arch/x86/kvm/x86_emulate.c
===
--- kvm.orig/arch/x86/kvm/x86_emulate.c
+++ kvm/arch/x86/kvm/x86_emulate.c
@@ -1755,7 +1755,10 @@ special_insn: goto cannot_emulate; } sel = insn_fetch(u16, 2, c-eip); - if (load_segment_descriptor(ctxt-vcpu, sel, 9, VCPU_SREG_CS) 0) { + if (ctxt-mode == X86EMUL_MODE_REAL) + eip |= (sel 4); + else if (load_segment_descriptor(ctxt-vcpu, sel, 9, +VCPU_SREG_CS) 0) { DPRINTF(jmp far: Failed to load CS descriptor\n); goto cannot_emulate; }
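Review bot: the real-mode branch of this hunk, `if (ctxt-mode == X86EMUL_MODE_REAL) eip |= (sel 4);`, updates only eip and never writes `sel` into CS, so after the far jump the guest's CS selector and base are left as they were while eip has absorbed the shifted selector; a following interrupt, far call or descriptor reload would then see a CS that does not correspond to where the guest is executing. In real mode the jump should load CS with `sel` and set its base to the selector shifted left by 4 (the rule the message itself states), keeping eip as the raw offset. Separately, the `else if` keeps the old comparison on the return value of load_segment_descriptor() even though the message notes it can return a positive error on failure; testing for a non-zero return would make the DPRINTF path actually trigger in that case.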
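The far-jump semantics Marcelo describes above, as an added example written for this page (not KVM's x86_emulate.c): a small C routine that emulates `ljmp sel:off` in real mode (CS base = selector shifted left by 4, eip = raw offset, no descriptor table involved) and in 32-bit protected mode (the selector indexes a descriptor table, with the null, out-of-range, non-present and data-segment cases rejected). The `toy_gdt` and its entries, the `segment` and `toy_descriptor` structs and the function names are assumptions constructed for the example; the selector:offset pairs used in `main` are taken from the register dumps and gfxboot trace quoted in this thread, and the 0x18 entry's base of 0x40040 is the base implied by the "emulation at (46e4b) rip 6e0b" log line.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not KVM code: how a far jump (opcode 0xEA) must update CS
 * in real mode versus protected mode. Names and the toy GDT are assumptions. */

enum cpu_mode { MODE_REAL, MODE_PROT32 };

struct segment {
    uint16_t selector;
    uint32_t base;
    uint32_t limit;   /* in bytes for this toy; granularity is not modelled */
};

/* Minimal descriptor view: only what the far jump needs. */
struct toy_descriptor {
    uint32_t base;
    uint32_t limit;
    bool present;
    bool code;
};

/* Constructed GDT for the example (index 0 is the null descriptor). */
static const struct toy_descriptor toy_gdt[] = {
    { 0,       0,       false, false }, /* 0x00: null */
    { 0,       0xfffff, true,  true  }, /* 0x08: flat code */
    { 0,       0xfffff, true,  false }, /* 0x10: flat data */
    { 0x40040, 0xffff,  true,  true  }, /* 0x18: code with the base seen in the trace */
};
#define TOY_GDT_ENTRIES (sizeof toy_gdt / sizeof toy_gdt[0])

/* Emulate "ljmp sel:off". Returns 0 on success, -1 if the jump would fault.
 * On success *cs and *eip hold the new state. */
int emulate_ljmp(enum cpu_mode mode, uint16_t sel, uint32_t off,
                 struct segment *cs, uint32_t *eip)
{
    if (mode == MODE_REAL) {
        /* Real mode: no descriptor table; the selector is a paragraph number.
         * The base is sel << 4 and EIP is the raw offset. The selector must
         * be stored in CS, not folded into EIP. */
        cs->selector = sel;
        cs->base = (uint32_t)sel << 4;
        cs->limit = 0xffff;
        *eip = off;
        return 0;
    }

    /* Protected mode: the selector indexes the GDT (TI=1 would mean LDT, not modelled). */
    if (sel & 0x4)
        return -1;
    unsigned idx = sel >> 3;
    if (idx == 0 || idx >= TOY_GDT_ENTRIES)   /* null selector or beyond GDT limit: #GP */
        return -1;
    const struct toy_descriptor *d = &toy_gdt[idx];
    if (!d->present || !d->code)              /* #NP or not a code segment: #GP */
        return -1;
    if (off > d->limit)                       /* offset outside the segment: #GP */
        return -1;
    cs->selector = sel;
    cs->base = d->base;
    cs->limit = d->limit;
    *eip = off;
    return 0;
}

/* Linear address the CPU will fetch from after the jump. */
uint32_t linear_ip(const struct segment *cs, uint32_t eip)
{
    return cs->base + eip;
}

int main(void)
{
    struct segment cs = {0};
    uint32_t eip = 0;

    /* cs 4004 / rip b02c from the register dump above, treated as a real-mode jump. */
    if (emulate_ljmp(MODE_REAL, 0x4004, 0xb02c, &cs, &eip) == 0)
        printf("real mode:      cs=%04x base=%05lx eip=%08lx linear=%08lx\n",
               cs.selector, (unsigned long)cs.base, (unsigned long)eip,
               (unsigned long)linear_ip(&cs, eip));

    /* The Plan9 selector 0xb8 is fine as a real-mode paragraph number but is
     * not a valid index into the (constructed) GDT. */
    printf("0xb8 as GDT index: %s\n",
           emulate_ljmp(MODE_PROT32, 0xb8, 0x23e, &cs, &eip) == 0 ? "ok" : "fault");

    /* The gfxboot jump ljmp $0x18,$0x6e18 in protected mode. */
    if (emulate_ljmp(MODE_PROT32, 0x18, 0x6e18, &cs, &eip) == 0)
        printf("protected mode: cs=%04x base=%05lx eip=%08lx linear=%08lx\n",
               cs.selector, (unsigned long)cs.base, (unsigned long)eip,
               (unsigned long)linear_ip(&cs, eip));
    return 0;
}
```

The protected-mode linear address for the gfxboot jump comes out as 0x46e58, which is where Anthony's log reports the next emulation ("emulation at (46e58) rip 6e18"), while the same selector arithmetic applied to Plan9's 0xb8 faults, which is the mismatch Marcelo's patch works around.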
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Guillaume Thouvenin wrote:
> Hello,
>
> This patch should solve the problem observed during protected mode transitions that appears for example during the installation of openSuse-10.3. Unfortunately there is an issue that crashes kvm-userspace. I'm not sure if it's a problem introduced by the patch or if the patch is good and raises a new issue.

You still aren't emulating the instructions correctly I think. Running your patch, I see:

[ 979.755349] Failed vm entry (exit reason 0x21) invalid guest state
[ 979.755354] emulation at (46e4b) rip 6e0b: ea 10 6e 18
[ 979.755358] successfully emulated instruction
[ 979.756105] Failed vm entry (exit reason 0x21) invalid guest state
[ 979.756109] emulation at (46e50) rip 6e10: 66 b8 20 00
[ 979.756111] successfully emulated instruction
[ 979.756749] Failed vm entry (exit reason 0x21) invalid guest state
[ 979.756752] emulation at (46e54) rip 6e14: 8e d8 8c d0
[ 979.756755] successfully emulated instruction
[ 979.757427] Failed vm entry (exit reason 0x21) invalid guest state
[ 979.757430] emulation at (46e56) rip 6e16: 8c d0 81 e4
[ 979.757433] successfully emulated instruction
[ 979.758074] Failed vm entry (exit reason 0x21) invalid guest state
[ 979.758077] emulation at (46e58) rip 6e18: 81 e4 ff ff

The corresponding gfxboot code is:

 16301 6E0B EA[106E]1800        jmp pm_seg.prog_c32:switch_to_pm_20
 16302                          switch_to_pm_20:
 16303
 16304                          bits 32
 16305
 16306 6E10 66B82000            mov ax,pm_seg.prog_d16
 16307 6E14 8ED8                mov ds,ax
 16308
 16309 6E16 8CD0                mov eax,ss
 16310 6E18 81E4                and esp,0h

The VT state should be correct after executing instruction at RIP 6E16 (mov eax, ss). The next instruction should not cause a vmentry failure. The fact that it is for you indicates that you're not updating guest state correctly.

My guess would be that load_segment_descriptor is not updating the values within the VMCS.

Regards,

Anthony Liguori
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Guillaume Thouvenin wrote:
> Hello,
>
> This patch should solve the problem observed during protected mode transitions that appears for example during the installation of openSuse-10.3. Unfortunately there is an issue that crashes kvm-userspace. I'm not sure if it's a problem introduced by the patch or if the patch is good and raises a new issue.
>
> Here is what I'm doing:
>
> 1) Remove the SS patching that modifies SS_SELECTOR in enter_pmode() to see vmentry failure.
> 2) Add the handler that catches the VMentry failure. It is called handle_vmentry_failure()
> 3) while CS.RPL != SS.RPL, emulate the instruction.
> 4) Add the emulation of ljmp, mov r, imm, mov sreg, r/m16 and mov r/m16, sreg that have respectively opcode 0xea, 0xb8, 0x8e and 0x8c.
>
> Normally, it should be sufficient to boot openSuse-10.3 because instructions that need to be emulated are:
>
> 0x00046e53: ljmp $0x18,$0x6e18
> 0x00046e58: mov $0x20,%ax
> 0x00046e5c: mov %eax,%ds
> 0x00046e5e: mov %ss,%eax
> 0x00046e60: and $0x,%esp
> 0x00046e66: shl $0x4,%eax
> 0x00046e69: add %eax,%esp
> 0x00046e6b: mov $0x8,%ax
> 0x00046e6f: mov %eax,%ss
>
> At this point, cs.rpl is equal to ss.rpl.
>
> I added trace in handle_vmentry_failure() and also in writeback() to see what functions are emulated and I observe:
>
> <snip trace>
>
> So everything seems ok but after the emulation of mov %eax,%ss instruction, it seems that cs.rpl == ss.rpl but the guest is still in a VT-unfriendly state because I have the following error in kvm-userspace:
>
> [EMAIL PROTECTED]/local/kvm-userspace.git/bin]$ ./qemu-system-x86_64 -hda ~/disk_images/hd_50G.qcow2 -cdrom /images_iso/openSUSE-10.3-GM-x86_64-mini.iso -boot d -s -m 1024
> exception 13 (33)
> rax 0673 rbx 0080 rcx rdx 13ca
> rsi 00055e1c rdi 00055e1d rsp fffa0080 rbp 200b
> r8 r9 r10 r11
> r12 r13 r14 r15
> rip b071 rflags 00033092
> cs 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> ds 4004 (00040040/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> es 00ff (0ff0/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> ss ff11 (000ff110/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> fs 3002 (00030020/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> gs (/ p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
> tr (fffbd000/2088 p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
> ldt (/ p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
> gdt 40920/47
> idt 0/
> cr0 10 cr2 0 cr3 0 cr4 0 cr8 0
> efer 0
> code: 17 06 29 4b 01 18 eb 18 a8 25 aa 19 28 4c 01 28 4d 01 01 17 --> 0f 17 0f 01 17 0f 17 12 01 17 2c 25 4b 19 21 00 02 17 1a 94 0a 76 67 61 3d 30 78 25 78 20
> Aborted

My memory of x86 protected mode is flaky so I apologise if this is wasted time.

Are we looking at the runtime registers for the VM or the registers for the host? Isn't PE clear in CR0 (which I think is real mode and there should be no cpl or rpl)?

If this is in protected mode (or cpl/rpl are carried over as a side effect of big real mode), are you sure cs.rpl == ss.rpl? I think I read cs.rpl == 0 and ss.rpl == 1. The opcode with the exception is pop %ss I believe (assuming 32 bit code). Is the value dumped for ss the value loaded by the pop or the value from before the pop?

I think cpl is zero and I thought it was ok for code at some cpl to use selectors with rpls equal to its cpl or lower (higher rpl number). That made me wonder if the loaded ss is not the value shown but the value that would have been loaded by the pop. In which case I wonder if it would be a selector for an invalid descriptor. It's a shame we don't see the stack.

Beyond that I risk confusion so I'll leave it there, I hope it helps.

---
David Mair.
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Tuesday 29 April 2008 at 11:41 -0500, Anthony Liguori wrote:
> Guillaume Thouvenin wrote:
> > Hello,
> >
> > This patch should solve the problem observed during protected mode transitions that appears for example during the installation of openSuse-10.3. Unfortunately there is an issue that crashes kvm-userspace. I'm not sure if it's a problem introduced by the patch or if the patch is good and raises a new issue.
>
> You still aren't emulating the instructions correctly I think. Running your patch, I see:
>
> [ 979.755349] Failed vm entry (exit reason 0x21) invalid guest state
> [ 979.755354] emulation at (46e4b) rip 6e0b: ea 10 6e 18
> [ 979.755358] successfully emulated instruction
> [ 979.756105] Failed vm entry (exit reason 0x21) invalid guest state
> [ 979.756109] emulation at (46e50) rip 6e10: 66 b8 20 00
> [ 979.756111] successfully emulated instruction
> [ 979.756749] Failed vm entry (exit reason 0x21) invalid guest state
> [ 979.756752] emulation at (46e54) rip 6e14: 8e d8 8c d0
> [ 979.756755] successfully emulated instruction
> [ 979.757427] Failed vm entry (exit reason 0x21) invalid guest state
> [ 979.757430] emulation at (46e56) rip 6e16: 8c d0 81 e4
> [ 979.757433] successfully emulated instruction
> [ 979.758074] Failed vm entry (exit reason 0x21) invalid guest state
> [ 979.758077] emulation at (46e58) rip 6e18: 81 e4 ff ff
>
> The corresponding gfxboot code is:
>
>  16301 6E0B EA[106E]1800        jmp pm_seg.prog_c32:switch_to_pm_20
>  16302                          switch_to_pm_20:
>  16303
>  16304                          bits 32
>  16305
>  16306 6E10 66B82000            mov ax,pm_seg.prog_d16
>  16307 6E14 8ED8                mov ds,ax
>  16308
>  16309 6E16 8CD0                mov eax,ss
>  16310 6E18 81E4                and esp,0h
>
> The VT state should be correct after executing instruction at RIP 6E16 (mov eax, ss). The next instruction should not cause a vmentry

Are you sure? It is Intel notation (opcode dst,src), so it updates eax, not ss.

Guillaume gives us (with gdb notation, opcode src,dst):

0x00046e53: ljmp $0x18,$0x6e18
0x00046e58: mov $0x20,%ax        %EAX = 0x20
0x00046e5c: mov %eax,%ds         %DS = 0x20
0x00046e5e: mov %ss,%eax         %EAX = %SS = 0x53E1 (in this particular case)

For me the issue is with instructions with dst.byte = 0. For instance:

0x00046e66: shl $0x4,%eax

[82768.003174] emulation at (46e66) rip 6e26: c1 e0 04 01
[82768.035153] writeback: dst.byte 0
[82768.055174] writeback: dst.ptr 0x
[82768.087177] writeback: dst.val 0x53e1
[82768.78] writeback: src.ptr 0x6e28
[82768.143157] writeback: src.val 0x4

So my questions are:

Why is dst.val not 0x53e10?
Why is dst.byte 0?

> failure. The fact that it is for you indicates that you're not updating guest state correctly.
>
> My guess would be that load_segment_descriptor is not updating the values within the VMCS.
>
> Regards,
>
> Anthony Liguori

Regards
Laurent
--
[EMAIL PROTECTED]
The best way to predict the future is to invent it. - Alan Kay
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
On Tuesday 29 April 2008 at 19:09 +0200, Laurent Vivier wrote:
> On Tuesday 29 April 2008 at 11:41 -0500, Anthony Liguori wrote:
> > Guillaume Thouvenin wrote:
> > > Hello,
> > >
> > > This patch should solve the problem observed during protected mode transitions that appears for example during the installation of openSuse-10.3. Unfortunately there is an issue that crashes kvm-userspace. I'm not sure if it's a problem introduced by the patch or if the patch is good and raises a new issue.
> >
> > You still aren't emulating the instructions correctly I think. Running your patch, I see:
> >
> > [ 979.755349] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.755354] emulation at (46e4b) rip 6e0b: ea 10 6e 18
> > [ 979.755358] successfully emulated instruction
> > [ 979.756105] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.756109] emulation at (46e50) rip 6e10: 66 b8 20 00
> > [ 979.756111] successfully emulated instruction
> > [ 979.756749] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.756752] emulation at (46e54) rip 6e14: 8e d8 8c d0
> > [ 979.756755] successfully emulated instruction
> > [ 979.757427] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.757430] emulation at (46e56) rip 6e16: 8c d0 81 e4
> > [ 979.757433] successfully emulated instruction
> > [ 979.758074] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.758077] emulation at (46e58) rip 6e18: 81 e4 ff ff
> >
> > The corresponding gfxboot code is:
> >
> >  16301 6E0B EA[106E]1800        jmp pm_seg.prog_c32:switch_to_pm_20
> >  16302                          switch_to_pm_20:
> >  16303
> >  16304                          bits 32
> >  16305
> >  16306 6E10 66B82000            mov ax,pm_seg.prog_d16
> >  16307 6E14 8ED8                mov ds,ax
> >  16308
> >  16309 6E16 8CD0                mov eax,ss
> >  16310 6E18 81E4                and esp,0h
> >
> > The VT state should be correct after executing instruction at RIP 6E16 (mov eax, ss). The next instruction should not cause a vmentry
>
> Are you sure? It is Intel notation (opcode dst,src), so it updates eax, not ss.
>
> Guillaume gives us (with gdb notation, opcode src,dst):
>
> 0x00046e53: ljmp $0x18,$0x6e18
> 0x00046e58: mov $0x20,%ax        %EAX = 0x20
> 0x00046e5c: mov %eax,%ds         %DS = 0x20
> 0x00046e5e: mov %ss,%eax         %EAX = %SS = 0x53E1 (in this particular case)
>
> For me the issue is with instructions with dst.byte = 0. For instance:
>
> 0x00046e66: shl $0x4,%eax
>
> [82768.003174] emulation at (46e66) rip 6e26: c1 e0 04 01
> [82768.035153] writeback: dst.byte 0
> [82768.055174] writeback: dst.ptr 0x
> [82768.087177] writeback: dst.val 0x53e1
> [82768.78] writeback: src.ptr 0x6e28
> [82768.143157] writeback: src.val 0x4
>
> So my questions are:
>
> Why is dst.val not 0x53e10?

I can answer myself to this one:

emulate_2op_SrcB("sal", c->src, c->dst, ctxt->eflags);

does nothing if dst.byte == 0

So next question is the good question...

> Why is dst.byte 0?
>
> > failure. The fact that it is for you indicates that you're not updating guest state correctly.
> >
> > My guess would be that load_segment_descriptor is not updating the values within the VMCS.
> >
> > Regards,
> >
> > Anthony Liguori
>
> Regards
> Laurent
--
[EMAIL PROTECTED]
The best way to predict the future is to invent it. - Alan Kay
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Laurent Vivier wrote:
> On Tuesday 29 April 2008 at 11:41 -0500, Anthony Liguori wrote:
> > Guillaume Thouvenin wrote:
> > > Hello,
> > >
> > > This patch should solve the problem observed during protected mode transitions that appears for example during the installation of openSuse-10.3. Unfortunately there is an issue that crashes kvm-userspace. I'm not sure if it's a problem introduced by the patch or if the patch is good and raises a new issue.
> >
> > You still aren't emulating the instructions correctly I think. Running your patch, I see:
> >
> > [ 979.755349] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.755354] emulation at (46e4b) rip 6e0b: ea 10 6e 18
> > [ 979.755358] successfully emulated instruction
> > [ 979.756105] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.756109] emulation at (46e50) rip 6e10: 66 b8 20 00
> > [ 979.756111] successfully emulated instruction
> > [ 979.756749] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.756752] emulation at (46e54) rip 6e14: 8e d8 8c d0
> > [ 979.756755] successfully emulated instruction
> > [ 979.757427] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.757430] emulation at (46e56) rip 6e16: 8c d0 81 e4
> > [ 979.757433] successfully emulated instruction
> > [ 979.758074] Failed vm entry (exit reason 0x21) invalid guest state
> > [ 979.758077] emulation at (46e58) rip 6e18: 81 e4 ff ff
> >
> > The corresponding gfxboot code is:
> >
> >  16301 6E0B EA[106E]1800        jmp pm_seg.prog_c32:switch_to_pm_20
> >  16302                          switch_to_pm_20:
> >  16303
> >  16304                          bits 32
> >  16305
> >  16306 6E10 66B82000            mov ax,pm_seg.prog_d16
> >  16307 6E14 8ED8                mov ds,ax
> >  16308
> >  16309 6E16 8CD0                mov eax,ss
> >  16310 6E18 81E4                and esp,0h
> >
> > The VT state should be correct after executing instruction at RIP 6E16 (mov eax, ss). The next instruction should not cause a vmentry
>
> Are you sure? It is Intel notation (opcode dst,src), so it updates eax, not ss.
>
> Guillaume gives us (with gdb notation, opcode src,dst):

You're right, it's a fair bit down the code before the ss move happens.

Regards,

Anthony Liguori

> 0x00046e53: ljmp $0x18,$0x6e18
> 0x00046e58: mov $0x20,%ax        %EAX = 0x20
> 0x00046e5c: mov %eax,%ds         %DS = 0x20
> 0x00046e5e: mov %ss,%eax         %EAX = %SS = 0x53E1 (in this particular case)
>
> For me the issue is with instructions with dst.byte = 0. For instance:
>
> 0x00046e66: shl $0x4,%eax
>
> [82768.003174] emulation at (46e66) rip 6e26: c1 e0 04 01
> [82768.035153] writeback: dst.byte 0
> [82768.055174] writeback: dst.ptr 0x
> [82768.087177] writeback: dst.val 0x53e1
> [82768.78] writeback: src.ptr 0x6e28
> [82768.143157] writeback: src.val 0x4
>
> So my questions are:
>
> Why is dst.val not 0x53e10?
> Why is dst.byte 0?
>
> > failure. The fact that it is for you indicates that you're not updating guest state correctly.
> >
> > My guess would be that load_segment_descriptor is not updating the values within the VMCS.
> >
> > Regards,
> >
> > Anthony Liguori
>
> Regards
> Laurent
Re: [kvm-devel] Protected mode transitions and big real mode... still an issue
Laurent Vivier wrote:
> > Why is dst.val not 0x53e10?
>
> I can answer myself to this one:
>
> emulate_2op_SrcB("sal", c->src, c->dst, ctxt->eflags);
>
> does nothing if dst.byte == 0
>
> So next question is the good question...
>
> > Why is dst.byte 0?

Because dst.bytes is only set if dst.type == OP_MEM, or ad hoc in the instruction itself. Better to set it unconditionally (and adjust in the instruction if necessary).

--
Any sufficiently difficult bug is indistinguishable from a feature.
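Avi's point about setting dst.bytes unconditionally, together with Laurent's `shl $0x4,%eax` trace, as an added example written for this page (not KVM's x86_emulate.c): a small register-form ModRM decoder that always sets the operand width from the effective operand size, picks the destination register from the field the opcode actually uses (the reg field for `add Gv,Ev`, the r/m field for the group-2 shifts, where the reg field is the opcode extension), and masks the writeback to that width so a 16-bit operation leaves the upper half of the register alone. The struct and function names, the two-opcode subset and every register value other than the 0x53e1 from the trace are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not KVM's x86_emulate.c: decode a register-form (mod == 3)
 * ModRM byte for two of the instructions discussed in this thread and write
 * the result back to the register the ModRM actually names. Register numbers
 * follow the hardware encoding: 0=eax 1=ecx 2=edx 3=ebx 4=esp 5=ebp 6=esi 7=edi. */

enum { REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI, NR_REGS };

struct operand {
    unsigned bytes;   /* operand width: 1, 2 or 4; never left at 0 */
    uint32_t *ptr;    /* register cell the value lives in (NULL for an immediate) */
    uint32_t val;
};

struct decoded {
    uint8_t opcode;
    uint8_t modrm_mod, modrm_reg, modrm_rm;
    unsigned op_bytes;
    struct operand src, dst;
};

/* Decode one instruction from buf. Returns bytes consumed, or 0 if unsupported.
 * default_bytes is the code segment's default operand size (2 or 4); a 0x66
 * prefix flips it. Only 0x03 (ADD Gv,Ev) and 0xC1 /4 (SHL Ev,Ib) are handled. */
size_t decode(const uint8_t *buf, size_t len, unsigned default_bytes,
              uint32_t regs[NR_REGS], struct decoded *c)
{
    size_t i = 0;
    c->op_bytes = default_bytes;
    if (i < len && buf[i] == 0x66) {              /* operand-size override */
        c->op_bytes = (default_bytes == 4) ? 2 : 4;
        i++;
    }
    if (i + 1 >= len)
        return 0;
    c->opcode = buf[i++];
    uint8_t modrm = buf[i++];
    c->modrm_mod = modrm >> 6;
    c->modrm_reg = (modrm >> 3) & 7;
    c->modrm_rm = modrm & 7;
    if (c->modrm_mod != 3)                         /* memory forms not modelled */
        return 0;

    /* Width is set unconditionally from the effective operand size, as Avi
     * suggests; an instruction that needs something else adjusts it below. */
    c->dst.bytes = c->src.bytes = c->op_bytes;

    switch (c->opcode) {
    case 0x03:  /* ADD Gv,Ev: destination is the reg field, source the r/m field */
        c->dst.ptr = &regs[c->modrm_reg];
        c->src.ptr = &regs[c->modrm_rm];
        c->src.val = *c->src.ptr;
        break;
    case 0xc1:  /* Group 2 Ev,Ib: reg field is the opcode extension (/4 = SHL) */
        if (c->modrm_reg != 4 || i >= len)
            return 0;
        c->dst.ptr = &regs[c->modrm_rm];
        c->src.ptr = NULL;
        c->src.bytes = 1;                          /* the Ib immediate */
        c->src.val = buf[i++];
        break;
    default:
        return 0;
    }
    c->dst.val = *c->dst.ptr;
    return i;
}

/* Perform the operation and write the result back through dst.ptr, masked to dst.bytes. */
int execute(struct decoded *c)
{
    uint32_t mask = (c->dst.bytes == 4) ? 0xffffffffu
                  : (c->dst.bytes == 2) ? 0xffffu : 0xffu;
    uint32_t result;
    switch (c->opcode) {
    case 0x03: result = c->dst.val + c->src.val; break;
    case 0xc1: result = c->dst.val << (c->src.val & 31); break;
    default: return -1;
    }
    /* A 16-bit destination keeps the upper half of the register; a 32-bit write replaces it all. */
    *c->dst.ptr = (*c->dst.ptr & ~mask) | (result & mask);
    return 0;
}

/* Run one instruction against a register file; returns bytes consumed or 0 on failure. */
size_t step(const uint8_t *buf, size_t len, unsigned default_bytes, uint32_t regs[NR_REGS])
{
    struct decoded c = {0};
    size_t n = decode(buf, len, default_bytes, regs, &c);
    if (n == 0 || execute(&c) != 0)
        return 0;
    return n;
}

int main(void)
{
    uint32_t regs[NR_REGS] = {0};
    regs[REG_EAX] = 0x53e1;                                  /* value from the writeback trace */
    const uint8_t shl_eax_4[] = { 0xc1, 0xe0, 0x04 };        /* shl $0x4,%eax in a 32-bit segment */
    const uint8_t add_eax_esi[] = { 0x66, 0x03, 0xf0 };      /* add %eax,%esi in a 16-bit segment */

    step(shl_eax_4, sizeof shl_eax_4, 4, regs);
    printf("eax after shl: %#lx\n", (unsigned long)regs[REG_EAX]);
    regs[REG_ESI] = 0x1000;                                  /* constructed */
    step(add_eax_esi, sizeof add_eax_esi, 2, regs);
    printf("esi after add: %#lx\n", (unsigned long)regs[REG_ESI]);
    return 0;
}
```

With dst.bytes always populated, the shift from the trace produces 0x53e10 in eax instead of being silently skipped, and the 0x66-prefixed add lands in esi (the reg field) rather than in eax (the r/m field).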