From: Anthony Liguori
Subject: Re: Re: [PATCH][RFC] Emulating real mode with x86_emulate
Date: Thu, 29 Mar 2007 22:55:26 -0500
Message-ID: <460C8A2E.7060906@us.ibm.com>
In-Reply-To: <460C8207.8000604@us.ibm.com>
References: <4607074E.1030807@us.ibm.com> <1175203075.27076.17.camel@lnitindesktop.sc.intel.com> <460C4AAE.5020707@us.ibm.com> <1175212362.27076.32.camel@lnitindesktop.sc.intel.com> <460C55BD.5050202@us.ibm.com> <1175216381.27076.39.camel@lnitindesktop.sc.intel.com> <1175221214.27076.43.camel@lnitindesktop.sc.intel.com> <460C8207.8000604@us.ibm.com>
To: "Kamble, Nitin A"
Cc: "Yu, Wilfred", xen-devel@lists.xensource.com, Keir Fraser, "Nakajima, Jun"
List-Id: xen-devel@lists.xenproject.org

Ugh!  Sorry that got munged.  Let me try again:

(XEN) hvmop_emulate_realmode
(XEN) guest requests real mode emulation
(XEN) foo 221
(XEN) eip = 0xd338d
(XEN) eip = 0xd338e
(XEN) eip = 0xffbf0000
(XEN) failed to emulate instruction at %eip = 0xd338d
(XEN) domain_crash_sync called from vmcs.c:625
(XEN) Domain 1 (vcpu#0) crashed on cpu#0:
(XEN) ----[ Xen-3.0-unstable  x86_32  debug=n  Not tainted ]----
(XEN) CPU:    0
(XEN) EIP:    0010:[<000d338d>]
(XEN) EFLAGS: 00000002   CONTEXT: hvm
(XEN) eax: 00000076   ebx: 000d7324   ecx: 000d7324   edx: 000000e9
(XEN) esi: 000d4e54   edi: 000d3380   ebp: 000d72a8   esp: 000d72a8
(XEN) cr0: 00050032   cr4: 00000651   cr3: 00000000   cr2: 00000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010

Regards,

Anthony Liguori

Anthony Liguori wrote:
> Kamble, Nitin A wrote:
>> Hi Anthony,
>>   With the new revision I am able to get the -emulate-16bit command
>> line switch working.
>>
>> (XEN) HVM2: Creating MP tables ...
>> (XEN) HVM2: Loading Cirrus VGABIOS ...
>> (XEN) HVM2: Loading ACPI ...
>> (XEN) HVM2: Loading VMXAssist ... deadbeef
>> (XEN) HVM2: foo
>> (XEN) hvmop_emulate_realmode
>> (XEN) guest requests real mode emulation
>> (XEN) foo 221
>> (XEN) HVM2: Invoking ROMBIOS ...
>> (XEN) hvm.c:446:d2 Triple fault on VCPU0 - invoking HVM system reset.
>
> The Triple fault you're seeing here is terribly curious.  Also the
> "deadbeef" output.  Just to sanity check, I threw the following printk
> in vmcs.c
>
> while (!hypercall_preempt_check()) {
> + printk("eip = 0x%x\n", regs->eip);
> if (x86_emulate(&ctxt, &em_ops)) {
>
> And I get the following output with a FC5 guest:
>
> (XEN) hvmop_emulate_realmode
> (XEN) guest requests real mode emulation
> (XEN) foo 221
> (XEN) eip = 0xd338d
> (XEN) eip = 0xd338e
> (XEN) eip = 0xffbf0000
> (XEN) failed to emulate instruction at %eip = 0xd338d
> (XEN) domain_crash_sync called from vmcs.c:625
> (XEN) Domain 1 (vcpu#0) crashed on cpu#0:
> (XEN) ----[ Xen-3.0-unstable  x86_32  debug=n  Not tainted ]----
> (XEN) CPU:    0
> (XEN) EIP:    0010:[<000d338d>]
> (XEN) EFLAGS: 00000002   CONTEXT: hvm
> (XEN) eax: 00000076   ebx: 000d7324   ecx: 000d7324   edx: 000000e9
> (XEN) esi: 000d4e54   edi: 000d3380   ebp: 000d72a8   esp: 000d72a8
> (XEN) cr0: 00050032   cr4: 00000651   cr3: 00000000   cr2: 00000000
> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010
>
> So, perhaps it's the guest you're using?  Clearly, we're running in
> x86_emulate and hitting a 16 bit instruction we can't handle.  N.B.
> the printk in the error path for x86_emulate is wrong.  I should be
> looking at regs->eip, not GUEST_RIP since that wouldn't have been
> updated again.
>
> Regards,
>
> Anthony Liguori
>
>> I have not added any debug lines in the code yet, and I don't know
>> how far the emulator is going.  I will check it tomorrow.
>>
>> Thanks & Regards,
>> Nitin
>> Open Source Technology Center, Intel Corporation.
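Review bot: the printk added before the x86_emulate() call sits inside the while (!hypercall_preempt_check()) loop, so it fires once per emulated instruction and will flood the console for any guest that spends more than a handful of instructions in real mode; that is fine for the one-off sanity check described here, but if it is to stay in vmcs.c it should go behind a counter or a debug-only macro rather than a bare printk().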
>> -------------------------------------------------------------------------
>>
>> The mind is like a parachute; it works much better when it's open.
>>
>>
>> On Thu, 2007-03-29 at 17:59 -0700, Nitin A Kamble wrote:
>>> On Thu, 2007-03-29 at 19:11 -0500, Anthony Liguori wrote:
>>>
>>>> Okay, you'll need to make sure that hvmloader and qemu are both
>>>> being rebuilt and reinstalled.
>>>>
>>> I am sure both are built with the patch and installed correctly.
>>>
>>>> The really curious thing is that eip from the VMCS is set to 0.
>>>> eip should be the address of the EIP of whatever movl cr0 instruction
>>>> that occurs when returning from main() in hvmloader.
>>>>
>>> I also find that x86_emulate() is never called while
>>> emulate_realmode is set in the hypervisor.
>>>
>>>> I guess it's possible that if you are using a version of unstable
>>>> that predates Keir's recent hvmloader changes, you wouldn't have
>>>> hvmloader switching to real mode.  That could explain some of the
>>>> weirdness you're seeing.  What changeset are you on?
>>>>
>>> So far I am using: r14560_20070326
>>>
>>> Now I am trying with: r14631_20070329
>>>
>>> Thanks & Regards,
>>> Nitin
>>> Open Source Technology Center, Intel Corporation.
>>> -------------------------------------------------------------------------
>>>
>>> The mind is like a parachute; it works much better when it's open.
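As an added example (not from the thread or the Xen tree), here is a small Python parser for the kind of output shown in this message: it pulls the register dump out of the (XEN) lines, decodes cr0 to confirm the vCPU was in real mode (PE clear) when it crashed, and points at the step in the eip trace where the emulated instruction pointer went from 0xd338e to 0xffbf0000, further than any single instruction could carry it. The sample log is constructed from the lines quoted above.

```python
import re

# Constructed sample: the eip trace and register dump quoted in the thread,
# cut down to the lines this parser reads.
SAMPLE_LOG = """\
(XEN) eip = 0xd338d
(XEN) eip = 0xd338e
(XEN) eip = 0xffbf0000
(XEN) failed to emulate instruction at %eip = 0xd338d
(XEN) EIP:    0010:[<000d338d>]
(XEN) eax: 00000076   ebx: 000d7324   ecx: 000d7324   edx: 000000e9
(XEN) esi: 000d4e54   edi: 000d3380   ebp: 000d72a8   esp: 000d72a8
(XEN) cr0: 00050032   cr4: 00000651   cr3: 00000000   cr2: 00000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0018   cs: 0010
"""

# CR0 control bits as named in the Intel SDM; PE (bit 0) is what separates
# real mode from protected mode.
CR0_BITS = {0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE",
            16: "WP", 18: "AM", 29: "NW", 30: "CD", 31: "PG"}

REG_RE = re.compile(r"\b(e?[a-d]x|e?[sd]i|e?[bs]p|cr[0-4]|[cdefgs]s): *([0-9a-f]{4,8})\b")
TRACE_RE = re.compile(r"^\(XEN\) eip = 0x([0-9a-f]+)$", re.M)

def parse_registers(log):
    """Map register names to values from the 'name: hex' pairs of a crash dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(log)}

def decode_cr0(cr0):
    """Names of the CR0 bits that are set, lowest bit first."""
    return [name for bit, name in sorted(CR0_BITS.items()) if (cr0 >> bit) & 1]

def is_real_mode(regs):
    """PE clear means the vCPU was executing real-mode code when it died."""
    return not (regs["cr0"] & 1)

def eip_trace(log):
    """The eip values printed by the per-instruction printk, in order."""
    return [int(v, 16) for v in TRACE_RE.findall(log)]

def first_discontinuity(trace, max_insn_len=15):
    """Index of the first step where eip did not just advance past one
    instruction (a transfer of control, legitimate or not), else None."""
    for i in range(1, len(trace)):
        if not 0 < trace[i] - trace[i - 1] <= max_insn_len:
            return i
    return None
```

On the sample, cr0 = 0x50032 decodes to MP, ET, NE, WP and AM with PE clear, and the third trace entry is reported as the discontinuity.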