public inbox for kvm@vger.kernel.org
* Emulation failure
From: Duy Nguyen TN @ 2013-08-19  1:14 UTC (permalink / raw)
  To: kvm

Hi,

I got this error with qemu-kvm-0.15.1 on kernel 3.1.0-1.2-desktop
(OpenSUSE 12.1). I know I should rerun it with the latest kernel/qemu, but I
hope maybe this rings a bell or something, because it'll take some time
for me to prepare a new kernel.

KVM internal error. Suberror: 1
emulation failure
RAX=00007ffff7ff9000 RBX=00007ffff7e93608 RCX=00007ffff5d4d81a
RDX=0000000000000001
RSI=0000000000001000 RDI=0000000000000000 RBP=0000000069a07700
RSP=00007ffff7e934b0
R8 =0000000000000008 R9 =0000000000000000 R10=0000000000000002
R11=0000000000000246
R12=0000000069a07700 R13=00007ffff7e937d8 R14=0000003000704c04
R15=0000003000704c04
RIP=0000000000b1dd44 RFL=00010202 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00000000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00000000
FS =0000 00007ffff7e94700 ffffffff 00000000
GS =0000 0000000000000000 ffffffff 00000000
LDT=0000 0000000000000000 ffffffff 00000000
TR =0040 ffff88003aa0df80 00002087 00008b00 DPL=0 TSS64-busy
GDT=     ffff88003aa04000 0000007f
IDT=     ffffffff816ad000 00000fff
CR0=80050033 CR2=00007ffff5a68180 CR3=00000000289ad000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
Code=00 85 c0 75 5d 48 8b 05 5c f5 e1 00 48 83 b8 f0 00 00 00 00 <df> a8
f0 00 00 00 0f 88 a0 00 00 00 8b 05 4a f5 e1 00 48 89 44 24 80 df 6c 24
80 de c9 d8

The disassembled code is

   0x1dd10:    push   %rbx
   0x1dd11:    mov    $0x6e,%eax
   0x1dd16:    mov    %rdi,%rbx
   0x1dd19:    sub    $0x20,%rsp
   0x1dd1d:    test   %rdi,%rdi
   0x1dd20:    je     0xb1dd92
   0x1dd22:    mov    0x4bf1e0(%rip),%eax
   0x1dd28:    cmp    $0xffffffff,%eax
   0x1dd2b:    je     0xb1ddd0
   0x1dd31:    test   %eax,%eax
   0x1dd33:    jne    0xb1dd92
   0x1dd35:    mov    0xe1f55c(%rip),%rax
   0x1dd3c:    cmpq   $0x0,0xf0(%rax)
   0x1dd44:    fildll 0xf0(%rax)
   0x1dd4a:    js     0xb1ddf0
   0x1dd50:    mov    0xe1f54a(%rip),%eax
   0x1dd56:    mov    %rax,-0x80(%rsp)
   0x1dd5b:    fildll -0x80(%rsp)
   0x1dd5f:    fmulp  %st,%st(1)

Not sure if it helps, but rax after 0xb1dd35 contains the pointer to the
mmap'd memory of /dev/hpet.
--
Duy



* Re: Emulation failure
From: Paolo Bonzini @ 2013-08-19  9:27 UTC (permalink / raw)
  To: duy.nguyen; +Cc: kvm

On 19/08/2013 03:14, Duy Nguyen TN wrote:
> 
> I got this error with qemu-kvm-0.15.1 on kernel 3.1.0-1.2-desktop
> (OpenSUSE 12.1). I know I should rerun it with the latest kernel/qemu, but I
> hope maybe this rings a bell or something, because it'll take some time
> for me to prepare a new kernel.
> 
> KVM internal error. Suberror: 1
> emulation failure
> RAX=00007ffff7ff9000 RBX=00007ffff7e93608 RCX=00007ffff5d4d81a
> RDX=0000000000000001
> RSI=0000000000001000 RDI=0000000000000000 RBP=0000000069a07700
> RSP=00007ffff7e934b0
> R8 =0000000000000008 R9 =0000000000000000 R10=0000000000000002
> R11=0000000000000246
> R12=0000000069a07700 R13=00007ffff7e937d8 R14=0000003000704c04
> R15=0000003000704c04
> RIP=0000000000b1dd44 RFL=00010202 [-------] CPL=3 II=0 A20=1 SMM=0 HLT=0
> ES =0000 0000000000000000 ffffffff 00000000
> CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
> SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
> DS =0000 0000000000000000 ffffffff 00000000
> FS =0000 00007ffff7e94700 ffffffff 00000000
> GS =0000 0000000000000000 ffffffff 00000000
> LDT=0000 0000000000000000 ffffffff 00000000
> TR =0040 ffff88003aa0df80 00002087 00008b00 DPL=0 TSS64-busy
> GDT=     ffff88003aa04000 0000007f
> IDT=     ffffffff816ad000 00000fff
> CR0=80050033 CR2=00007ffff5a68180 CR3=00000000289ad000 CR4=000006f0
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
> DR3=0000000000000000
> DR6=00000000ffff0ff0 DR7=0000000000000400
> EFER=0000000000000d01
> Code=00 85 c0 75 5d 48 8b 05 5c f5 e1 00 48 83 b8 f0 00 00 00 00 <df> a8
> f0 00 00 00 0f 88 a0 00 00 00 8b 05 4a f5 e1 00 48 89 44 24 80 df 6c 24
> 80 de c9 d8
> 
> The disassembled code is
> 
>    0x1dd10:    push   %rbx
>    0x1dd11:    mov    $0x6e,%eax
>    0x1dd16:    mov    %rdi,%rbx
>    0x1dd19:    sub    $0x20,%rsp
>    0x1dd1d:    test   %rdi,%rdi
>    0x1dd20:    je     0xb1dd92
>    0x1dd22:    mov    0x4bf1e0(%rip),%eax
>    0x1dd28:    cmp    $0xffffffff,%eax
>    0x1dd2b:    je     0xb1ddd0
>    0x1dd31:    test   %eax,%eax
>    0x1dd33:    jne    0xb1dd92
>    0x1dd35:    mov    0xe1f55c(%rip),%rax
>    0x1dd3c:    cmpq   $0x0,0xf0(%rax)
>    0x1dd44:    fildll 0xf0(%rax)
>    0x1dd4a:    js     0xb1ddf0
>    0x1dd50:    mov    0xe1f54a(%rip),%eax
>    0x1dd56:    mov    %rax,-0x80(%rsp)
>    0x1dd5b:    fildll -0x80(%rsp)
>    0x1dd5f:    fmulp  %st,%st(1)
> 
> Not sure if it helps, but rax after 0xb1dd35 contains the pointer to the
> mmap'd memory of /dev/hpet.

I think this wouldn't work even with the latest kernel.  Emulation of
x87 instructions is not supported yet.

Paolo


* Re: Emulation failure
From: Duy Nguyen TN @ 2013-08-20  1:26 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm

On Mon, 19 Aug 2013 at 11:27 +0200, Paolo Bonzini wrote:
> > The disassembled code is
> > 
> >    0x1dd10:    push   %rbx
> >    0x1dd11:    mov    $0x6e,%eax
> >    0x1dd16:    mov    %rdi,%rbx
> >    0x1dd19:    sub    $0x20,%rsp
> >    0x1dd1d:    test   %rdi,%rdi
> >    0x1dd20:    je     0xb1dd92
> >    0x1dd22:    mov    0x4bf1e0(%rip),%eax
> >    0x1dd28:    cmp    $0xffffffff,%eax
> >    0x1dd2b:    je     0xb1ddd0
> >    0x1dd31:    test   %eax,%eax
> >    0x1dd33:    jne    0xb1dd92
> >    0x1dd35:    mov    0xe1f55c(%rip),%rax
> >    0x1dd3c:    cmpq   $0x0,0xf0(%rax)
> >    0x1dd44:    fildll 0xf0(%rax)
> >    0x1dd4a:    js     0xb1ddf0
> >    0x1dd50:    mov    0xe1f54a(%rip),%eax
> >    0x1dd56:    mov    %rax,-0x80(%rsp)
> >    0x1dd5b:    fildll -0x80(%rsp)
> >    0x1dd5f:    fmulp  %st,%st(1)
> > 
> > Not sure if it helps, but rax after 0xb1dd35 contains the pointer to the
> > mmap'd memory of /dev/hpet.
> 
> I think this wouldn't work even with the latest kernel.  Emulation of
> x87 instructions is not supported yet.

I'm confused. How could this program work? It produces a similar assembly
listing:

-- 8< --
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>

uint64_t s_rtcClockPeriod = 10;
uint64_t mc = 3000000000;
int main(int ac, char **av)
{
        /* Same long double multiply/divide as in the failing listing;
         * both operands are ordinary globals here. */
        uint64_t value = (uint64_t)((long double)mc *
                         (long double)s_rtcClockPeriod /
                        1000000000.0L);
        printf("%" PRIu64 "\n", value);
        return 0;
}
-- 8< --

and the assembly I got is

-- 8< --
sub    $0x18,%rsp
cmpq   $0x0,0x200adc(%rip)
fildll 0x200ad6(%rip)
js     0x4005f8 <main+184>
cmpq   $0x0,0x200ac0(%rip)
fildll 0x200aba(%rip)
js     0x400612 <main+210>
fmulp  %st,%st(1)
fdivs  0x1ac(%rip)
flds   0x1aa(%rip)
fxch   %st(1)
fucomi %st(1),%st
jae    0x4005c0 <main+128>
fstp   %st(1)
fnstcw 0x16(%rsp)
...
-- 8< --



* Re: Emulation failure
From: Paolo Bonzini @ 2013-08-20  8:16 UTC (permalink / raw)
  To: duy.nguyen; +Cc: kvm

On 20/08/2013 03:26, Duy Nguyen TN wrote:
> On Mon, 19 Aug 2013 at 11:27 +0200, Paolo Bonzini wrote:
>>> The disassembled code is
>>>
>>>    0x1dd10:    push   %rbx
>>>    0x1dd11:    mov    $0x6e,%eax
>>>    0x1dd16:    mov    %rdi,%rbx
>>>    0x1dd19:    sub    $0x20,%rsp
>>>    0x1dd1d:    test   %rdi,%rdi
>>>    0x1dd20:    je     0xb1dd92
>>>    0x1dd22:    mov    0x4bf1e0(%rip),%eax
>>>    0x1dd28:    cmp    $0xffffffff,%eax
>>>    0x1dd2b:    je     0xb1ddd0
>>>    0x1dd31:    test   %eax,%eax
>>>    0x1dd33:    jne    0xb1dd92
>>>    0x1dd35:    mov    0xe1f55c(%rip),%rax
>>>    0x1dd3c:    cmpq   $0x0,0xf0(%rax)
>>>    0x1dd44:    fildll 0xf0(%rax)
>>>    0x1dd4a:    js     0xb1ddf0
>>>    0x1dd50:    mov    0xe1f54a(%rip),%eax
>>>    0x1dd56:    mov    %rax,-0x80(%rsp)
>>>    0x1dd5b:    fildll -0x80(%rsp)
>>>    0x1dd5f:    fmulp  %st,%st(1)
>>>
>>> Not sure if it helps, but rax after 0xb1dd35 contains the pointer to the
>>> mmap'd memory of /dev/hpet.
>>
>> I think this wouldn't work even with the latest kernel.  Emulation of
>> x87 instructions is not supported yet.
> 
> I'm confused. How could this program work? It produces a similar assembly
> listing:

The information you posted is not really enough to get the complete
picture (it is better to grab it from ftrace in the host, or from the
QEMU monitor), but my understanding is that the instruction at 0xb1dd44
doesn't refer to RAM; it refers to a memory-mapped I/O region.  In this
case, the instructions are not executed by the processor.  Instead, they
are emulated by the hypervisor.  KVM does not support emulation of x87
instructions.

Paolo

> -- 8< --
> #include <stdio.h>
> #include <stdint.h>
> #include <inttypes.h>
> 
> uint64_t s_rtcClockPeriod = 10;
> uint64_t mc = 3000000000;
> int main(int ac, char **av)
> {
>         /* Same long double multiply/divide as in the failing listing;
>          * both operands are ordinary globals here. */
>         uint64_t value = (uint64_t)((long double)mc *
>                          (long double)s_rtcClockPeriod /
>                         1000000000.0L);
>         printf("%" PRIu64 "\n", value);
>         return 0;
> }
> -- 8< --
> 
> and the assembly I got is
> 
> -- 8< --
> sub    $0x18,%rsp
> cmpq   $0x0,0x200adc(%rip)
> fildll 0x200ad6(%rip)
> js     0x4005f8 <main+184>
> cmpq   $0x0,0x200ac0(%rip)
> fildll 0x200aba(%rip)
> js     0x400612 <main+210>
> fmulp  %st,%st(1)
> fdivs  0x1ac(%rip)
> flds   0x1aa(%rip)
> fxch   %st(1)
> fucomi %st(1),%st
> jae    0x4005c0 <main+128>
> fstp   %st(1)
> fnstcw 0x16(%rsp)
> ...
> -- 8< --
> 
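The two-step approach that follows from Paolo's explanation, as an added example that is not part of this thread: pull the 64-bit value out of the MMIO page with an integer load, then do the long double arithmetic on the copy. The 0xf0 offset is the HPET main counter register, the same offset the failing `fildll 0xf0(%rax)` reads; `fake_hpet`, `hpet_read_counter` and `hpet_ticks_to_ns` are names invented here, and the buffer is a constructed stand-in for the mmap'd /dev/hpet mapping.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the HPET main counter value register; the failing FILDLL in the
 * listing reads exactly this offset, 0xf0(%rax), from the mmap'd device. */
#define HPET_MAIN_COUNTER 0xF0

/* Constructed stand-in for the mmap'd /dev/hpet page.  A real program would
 * mmap(2) the device and pass that mapping as "base" instead. */
static uint8_t fake_hpet[0x400] __attribute__((aligned(8)));

/* Fills the stand-in register so the example runs without /dev/hpet. */
void fake_hpet_set_counter(uint64_t ticks)
{
    memcpy(fake_hpet + HPET_MAIN_COUNTER, &ticks, sizeof ticks);
}

/* Step 1: fetch the counter with an integer load.  The access is volatile
 * and the function is kept out of line, so the value has to come back in
 * RAX: the MMIO read is a plain MOV, which the KVM emulator can handle.
 * In the thread's binary the compiler folded this load into FILDLL, an x87
 * instruction the emulator does not support. */
__attribute__((noinline))
uint64_t hpet_read_counter(const volatile uint8_t *base)
{
    return *(const volatile uint64_t *)(base + HPET_MAIN_COUNTER);
}

/* Step 2: run the long double arithmetic on the register copy.  The x87
 * instructions now touch only registers and stack, never the MMIO page.
 * "period" is in the same units as the thread's s_rtcClockPeriod. */
uint64_t hpet_ticks_to_ns(uint64_t ticks, uint64_t period)
{
    return (uint64_t)((long double)ticks * (long double)period
                      / 1000000000.0L);
}

int main(void)
{
    fake_hpet_set_counter(3000000000ULL);   /* same value as "mc" above */
    uint64_t ticks = hpet_read_counter(fake_hpet);
    printf("counter=%llu ns=%llu\n", (unsigned long long)ticks,
           (unsigned long long)hpet_ticks_to_ns(ticks, 10));
    return 0;
}
```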


