From: Anthony Liguori
Subject: Re: [PATCH][RFC] Emulating real mode with x86_emulate
Date: Thu, 29 Mar 2007 22:20:39 -0500
Message-ID: <460C8207.8000604@us.ibm.com>
References: <4607074E.1030807@us.ibm.com> <1175203075.27076.17.camel@lnitindesktop.sc.intel.com> <460C4AAE.5020707@us.ibm.com> <1175212362.27076.32.camel@lnitindesktop.sc.intel.com> <460C55BD.5050202@us.ibm.com> <1175216381.27076.39.camel@lnitindesktop.sc.intel.com> <1175221214.27076.43.camel@lnitindesktop.sc.intel.com>
In-Reply-To: <1175221214.27076.43.camel@lnitindesktop.sc.intel.com>
To: "Kamble, Nitin A"
Cc: "Yu, Wilfred", xen-devel@lists.xensource.com, Keir Fraser, "Nakajima, Jun"
List-Id: xen-devel@lists.xenproject.org

Kamble, Nitin A wrote:
> Hi Anthony,
> With the new revision I am able to get the -emulate-16bit command
> line switch working.
>
> (XEN) HVM2: Creating MP tables
> ...
> (XEN) HVM2: Loading Cirrus VGABIOS
> ...
> (XEN) HVM2: Loading ACPI
> ...
> (XEN) HVM2: Loading VMXAssist ...
> deadbeef
> (XEN) HVM2:
> foo
> (XEN)
> hvmop_emulate_realmode
> (XEN) guest requests real mode
> emulation
> (XEN) foo
> 221
> (XEN) HVM2: Invoking ROMBIOS
> ...
> (XEN) hvm.c:446:d2 Triple fault on VCPU0 - invoking HVM system reset.

The Triple fault you're seeing here is terribly curious. Also the "deadbeef" output.
Just to sanity check, I threw the following printk in vmcs.c:

  while (!hypercall_preempt_check()) {
+     printk("eip = 0x%x\n", regs->eip);
      if (x86_emulate(&ctxt, &em_ops)) {

And I get the following output with an FC5 guest:

(XEN) hvmop_emulate_realmode
(XEN) guest requests real mode emulation
(XEN) foo 221
(XEN) eip = 0xd338d
(XEN) eip = 0xd338e
(XEN) eip = 0xffbf0000
(XEN) failed to emulate instruction at %eip = 0xd338d
(XEN) domain_crash_sync called from vmcs.c:625
(XEN) Domain 1 (vcpu#0) crashed on cpu#0:
(XEN) ----[ Xen-3.0-unstable  x86_32  debug=n  Not tainted ]----
(XEN) CPU:    0
(XEN) EIP:    0010:[<000d338d>]
(XEN) EFLAGS: 00000002   CONTEXT: hvm
(XEN) eax: 00000076   ebx: 000d7324   ecx: 000d7324   edx: 000000e9
(XEN) esi: 000d4e54   edi: 000d3380   ebp: 000d72a8   esp: 000d72a8
(XEN) cr0: 00050032   cr4: 00000651   cr3: 00000000   cr2: 00000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010

So, perhaps it's the guest you're using? Clearly, we're running in x86_emulate and hitting a 16-bit instruction we can't handle.

N.B. the printk in the error path for x86_emulate is wrong. I should be looking at regs->eip, not GUEST_RIP, since that wouldn't have been updated again.

Regards,

Anthony Liguori

> I have not added any debug lines in the code yet, and I don't know how
> far the emulator is going. I will check it tomorrow.
>
> Thanks & Regards,
> Nitin
> Open Source Technology Center, Intel Corporation.
> -------------------------------------------------------------------------
> The mind is like a parachute; it works much better when it's open.
>
>
> On Thu, 2007-03-29 at 17:59 -0700, Nitin A Kamble wrote:
>> On Thu, 2007-03-29 at 19:11 -0500, Anthony Liguori wrote:
>>
>>> Okay, you'll need to make sure that hvmloader and qemu are both being
>>> rebuilt and reinstalled.
>>>
>>>
>> I am sure both are built with the patch and installed correctly.
>>
>>> The really curious thing is that eip from the VMCS is set to 0.
>>> eip should be the address of the EIP of whatever movl cr0 instruction that
>>> occurs when returning from main() in hvmloader.
>>>
>>>
>> I also find that x86_emulate() is never called while emulate_realmode
>> is set in the hypervisor.
>>
>>> I guess it's possible that if you are using a version of unstable that
>>> predates Keir's recent hvmloader changes, you wouldn't have hvmloader
>>> switching to real mode. That could explain some of the weirdness you're
>>> seeing. What changeset are you on?
>>>
>> So far I am using: r14560_20070326
>>
>> Now I am trying with: r14631_20070329
>>
>> Thanks & Regards,
>> Nitin
>> Open Source Technology Center, Intel Corporation.
>> -------------------------------------------------------------------------
>> The mind is like a parachute; it works much better when it's open.
>>
>
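Review bot: the added printk runs before each x86_emulate() call, so every "eip =" line is the address about to be emulated; read that way, the trace shows the instruction at 0xd338e left eip at 0xffbf0000 and the decode failed there, while the "failed to emulate instruction at %eip = 0xd338d" message reports the stale GUEST_RIP value, as the N.B. in the reply already says. Printing regs->eip again after a failed x86_emulate(), together with the opcode bytes at the eip printed just before the jump, would pin down which instruction produced the bogus eip instead of leaving it to be inferred from the register dump.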