From: Avi Kivity
Subject: Re: [RFC PATCH 0/3] Real mode interrupt injection
Date: Wed, 11 Aug 2010 07:15:34 -0400
Message-ID: <4C628656.8060208@redhat.com>
References: <1281295456-11114-1-git-send-email-m.gamal005@gmail.com> <4C60BF08.2050704@redhat.com>
To: Mohammed Gamal
Cc: mtosatti@redhat.com, kvm@vger.kernel.org
List-ID: kvm@vger.kernel.org

On 08/10/2010 01:06 PM, Mohammed Gamal wrote:
>
> In the other instance the guest seems to jump to nowhere after
> successfully running the BIOS, the emulator then seems to emulate
> garbage. Here is the relevant part of the trace:
>
>   qemu-system-x86-4327 [001] 169.394467: kvm_exit: reason EXCEPTION_NMI rip 0x7e1f
>   qemu-system-x86-4327 [001] 169.394467: kvm_page_fault: address 4c error_code 9

Here, the guest tried to execute INT 13, but exited since the IDT was paged out.

>   qemu-system-x86-4327 [001] 169.394470: kvm_inj_virq: irq 19

vmx_complete_interrupts() recovered the interrupt (0x13 == 19) and is
reinjecting it.

>   qemu-system-x86-4327 [001] 169.394475: kvm_entry: vcpu 0
>   qemu-system-x86-4327 [001] 169.394477: kvm_exit: reason EXCEPTION_NMI rip 0x7e1f
>   qemu-system-x86-4327 [001] 169.394478: kvm_page_fault: address f7e1f error_code 1d

f7e1f seems to be in the middle of some instruction:

   f7e03:  26 67 8b 28              addr32 mov %es:(%eax),%bp
   f7e07:  66 0f b7 ed              movzwl %bp,%ebp
   f7e0b:  66 83 c1 0c              add    $0xc,%ecx
   f7e0f:  66 89 c8                 mov    %ecx,%eax
   f7e12:  66 c1 e8 04              shr    $0x4,%eax
   f7e16:  8e c0                    mov    %ax,%es
   f7e18:  66 83 e1 0f              and    $0xf,%ecx
   f7e1c:  26 67 66 8b 01           addr32 mov %es:(%ecx),%eax
   f7e21:  67 66 89 44 24 14        addr32 mov %eax,0x14(%esp)
   f7e27:  66 89 ee                 mov    %ebp,%esi
   f7e2a:  66 0f af f2              imul   %edx,%esi
   f7e2e:  66 01 c6                 add    %eax,%esi
   f7e31:  8c d0                    mov    %ss,%ax
   f7e33:  8e c0                    mov    %ax,%es
   f7e35:  66 89 f2                 mov    %esi,%edx
   f7e38:  66 c1 ea 04              shr    $0x4,%edx
   f7e3c:  66 83 e6 0f              and    $0xf,%esi
   f7e40:  66 89 e9                 mov    %ebp,%ecx
   f7e43:  67 66 8b 7c 24 18        addr32 mov 0x18(%esp),%edi

So, looks like the reinjection failed. Please add trace_printk()s so we
can see what values the emulator read from the IDT (and from what
address it read them).

-- 
I have a truly marvellous patch that fixes the bug which this signature
is too narrow to contain.
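The two facts the reply relies on are that a real-mode INT n reads its vector from the interrupt vector table slot at linear address n*4 (so "address 4c" is exactly the slot for INT 13h), and that the page-fault error code tells you what kind of access faulted. The following C program is an added example written for this page, not code from the thread or from KVM: it performs that IVT lookup against a constructed 1 KiB guest memory image (the INT 13h target F000:E3FE in it is made up), computes the real-mode linear address the CPU would jump to, and decodes the architectural x86 #PF error-code bits (P, W/R, U/S, RSVD, I/D). It does not model how KVM itself fills in the error_code it traces; only the architectural bit layout is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Real-mode interrupt vector table: 256 entries of 4 bytes
 * (little-endian offset, then segment) starting at linear address 0. */
#define IVT_BASE      0x0000u
#define IVT_ENTRY_LEN 4u

/* Linear address of the IVT slot for a vector: what the CPU, or an
 * emulator re-injecting the interrupt, has to read. INT 13h -> 0x4c. */
static uint32_t ivt_entry_addr(uint8_t vector)
{
    return IVT_BASE + (uint32_t)vector * IVT_ENTRY_LEN;
}

/* Decode one IVT entry from a guest memory image. Returns 0 on success,
 * -1 if the image is too small to contain the slot (the emulator would
 * have to fault that page in first; this example has no paging). */
static int read_ivt_entry(const uint8_t *mem, size_t len, uint8_t vector,
                          uint16_t *seg, uint16_t *off)
{
    uint32_t a = ivt_entry_addr(vector);
    if (a + IVT_ENTRY_LEN > len)
        return -1;
    *off = (uint16_t)(mem[a]     | (mem[a + 1] << 8));
    *seg = (uint16_t)(mem[a + 2] | (mem[a + 3] << 8));
    return 0;
}

/* Real-mode address translation: linear = segment * 16 + offset. */
static uint32_t real_mode_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Convenience wrapper: linear address of the handler for a vector, or
 * UINT32_MAX if the slot is not readable from the image. */
static uint32_t ivt_target_linear(const uint8_t *mem, size_t len, uint8_t vector)
{
    uint16_t seg, off;
    if (read_ivt_entry(mem, len, vector, &seg, &off) != 0)
        return UINT32_MAX;
    return real_mode_linear(seg, off);
}

/* Architectural x86 #PF error-code bits: bit0 P (1 = protection
 * violation on a present page, 0 = not present), bit1 W/R, bit2 U/S,
 * bit3 RSVD (reserved bit set in a paging structure), bit4 I/D
 * (instruction fetch). */
static int pf_reserved_bit(uint32_t ec)         { return (ec >> 3) & 1; }
static int pf_is_instruction_fetch(uint32_t ec) { return (ec >> 4) & 1; }

static int describe_pf_error_code(uint32_t ec, char *buf, size_t buflen)
{
    return snprintf(buf, buflen, "%s %s %s%s%s",
                    (ec & 1) ? "present" : "not-present",
                    (ec & 2) ? "write" : "read",
                    (ec & 4) ? "user" : "supervisor",
                    pf_reserved_bit(ec) ? " rsvd-bit" : "",
                    pf_is_instruction_fetch(ec) ? " instr-fetch" : "");
}

/* Constructed guest memory image: an all-zero IVT except for INT 13h,
 * which points at F000:E3FE (an invented BIOS-style location). */
static uint8_t guest_ivt[1024];

static void build_example_ivt(void)
{
    uint32_t a = ivt_entry_addr(0x13);
    memset(guest_ivt, 0, sizeof guest_ivt);
    guest_ivt[a + 0] = 0xfe; guest_ivt[a + 1] = 0xe3; /* offset  0xe3fe */
    guest_ivt[a + 2] = 0x00; guest_ivt[a + 3] = 0xf0; /* segment 0xf000 */
}

int main(void)
{
    char desc[64];
    build_example_ivt();
    printf("IVT slot for INT 0x13 is at linear 0x%02x\n", ivt_entry_addr(0x13));
    printf("INT 13h handler at linear 0x%05x\n",
           ivt_target_linear(guest_ivt, sizeof guest_ivt, 0x13));
    describe_pf_error_code(0x09, desc, sizeof desc);
    printf("error_code 9:  %s\n", desc);
    describe_pf_error_code(0x1d, desc, sizeof desc);
    printf("error_code 1d: %s\n", desc);
    return 0;
}
```

Run against the trace in the message, the first fault (address 4c, error_code 9) lands on the INT 13h slot itself, while the second (address f7e1f, error_code 1d) carries the instruction-fetch bit, which is consistent with the CPU trying to execute from wherever the reinjected vector pointed rather than from a valid handler entry.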