Windows XP crash: emulation failed but !mmio_needed?

Windows XP crash: emulation failed but !mmio_needed?

[Adam Monsen]

I had just installed a Windows XP guest and left it running for a few
hours with no users logged in. The machine appears to have crashed.
Avi requested that I send this bug(?) report to kvm-devel, so here
'tis...

REPRO STEPS:
1. Install Fedora 7
2. Install KVM
3. Install Windows XP Professional in a guest
8GB disk space (on-disk file)
500MB RAM
network is bridged to host's network
4. Implement the "Windows ACPI Workaround" as described on kvm.sf.net wiki
5. "Activate" Windows
6. Let box sit there for a few hours

EXPECTED RESULT:
guest continues to run happily

ACTUAL RESULT:
box crashed. Syslog has the following entry: "emulation failed but
!mmio_needed? rip e05d e6 0d e6 da"
/var/log/libvirt/qemu/win01.log contains

/usr/bin/qemu-kvm -M pc -m 500 -smp 1 -monitor pty -boot c -hda
/etc/libvirt/qemu/win01_hda.img -net
nic,macaddr=00:16:3e:59:f4:60,vlan=0 -net tap,fd=9,script=,vlan=0 -vnc
:0
char device redirected to /dev/pts/1
exception 13 (0)
rax 0000000000000000 rbx 0000000000000000 rcx 0000000000000000 rdx
0000000000000600
rsi 0000000000000000 rdi 0000000000000000 rsp 0000000000000000 rbp
0000000000000000
r8  0000000000000000 r9  0000000000000000 r10 0000000000000000 r11
0000000000000000
r12 0000000000000000 r13 0000000000000000 r14 0000000000000000 r15
0000000000000000
rip 000000000000e05d rflags 00033046
cs f000 (000f0000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
ds 0000 (00000000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
es 0000 (00000000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
ss 0000 (00000000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
fs 0000 (00000000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
gs 0000 (00000000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
tr 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
ldt 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
gdt 0/ffff
idt 0/ffff
cr0 60000010 cr2 0 cr3 0 cr4 0 cr8 0 efer 0

ADDITIONAL INFORMATION:
Had not yet installed service packs.

Hope this helps,
-Adam

-- 
Adam Monsen

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Re: Windows XP crash: emulation failed but !mmio_needed?

[Avi Kivity]

Adam Monsen wrote:
> I had just installed a Windows XP guest and left it running for a few
> hours with no users logged in. The machine appears to have crashed.
> Avi requested that I send this bug(?) report to kvm-devel, so here
> 'tis...
>
> REPRO STEPS:
> 1. Install Fedora 7
> 2. Install KVM
> 3. Install Windows XP Professional in a guest
> 8GB disk space (on-disk file)
> 500MB RAM
> network is bridged to host's network
> 4. Implement the "Windows ACPI Workaround" as described on kvm.sf.net wiki
> 5. "Activate" Windows
> 6. Let box sit there for a few hours
>
> EXPECTED RESULT:
> guest continues to run happily
>
> ACTUAL RESULT:
> box crashed. Syslog has the following entry: "emulation failed but
> !mmio_needed? rip e05d e6 0d e6 da"
>   

The virtual machine has spontaneously rebooted, then failed because 
Windows has (legitimately) overwritten the real-mode task state segment 
located at the end of memory.  The emulation failure is for an 'out' 
instruction, which will trap if the tss is not set up correctly.

The emulation failure can be fixed by re-initializing the tss, or, even 
better, moving it beyond RAM, or by fully emulating real mode, but this 
doesn't say anything about the cause of the reboot.  Is there anything 
in the Windows event log (accessible using eventvwr.exe?)


-- 
error compiling committee.c: too many arguments to function


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Re: Windows XP crash: emulation failed but !mmio_needed?

[Adam Monsen]

On 6/19/07, Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org> wrote:
[...]
> The virtual machine has spontaneously rebooted, then failed because
> Windows has (legitimately) overwritten the real-mode task state segment
> located at the end of memory.  The emulation failure is for an 'out'
> instruction, which will trap if the tss is not set up correctly.
>
> The emulation failure can be fixed by re-initializing the tss, or, even
> better, moving it beyond RAM, or by fully emulating real mode, but this
> doesn't say anything about the cause of the reboot.  Is there anything
> in the Windows event log (accessible using eventvwr.exe?)
[...]

I dug through the event log a bit and did find something relevant. All
timestamps are from Jun 17 2007 PDT.

03:08:30 - GUEST - Windows Update Agent reports security update
installed (and I think the update agent might've been set up to
automatically reboot; I definitely wasn't awake at 3am)
03:13:25 - GUEST - winlogon.exe initiated a restart
03:13:45 - HOST - emulation failed message
03:52:03 - GUEST - ACPI BIOS read error reported
03:52:03 - GUEST - ACPI BIOS write error reported

the last log message appears at 04:14:52 (strange since I thought it
would've died at the time "emulation failed" showed up in the host's
log), then nothing until 08:35:46 when I manually started up the guest
VM again.

I thought I did have the Windows ACPI workaround in place during all
of this, but it is possible that this was not the case.

Here are the details from the Windows event viewer of the GUEST log
messages above:

Event Type:    Information
Event Source:    Windows Update Agent
Event Category:    Installation
Event ID:    19
Date:        6/17/2007
Time:        3:08:30 AM
User:        N/A
Computer:    BUDDY
Description:
Installation Successful: Windows successfully installed the following
update: Security Update for Windows XP (KB828741)

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65   Win32HRe
0008: 73 75 6c 74 3d 30 78 30   sult=0x0
0010: 30 30 30 30 30 30 30 20   0000000
0018: 55 70 64 61 74 65 49 44   UpdateID
0020: 3d 7b 41 42 44 31 43 33   ={ABD1C3
0028: 45 46 2d 39 38 37 44 2d   EF-987D-
0030: 34 41 30 34 2d 38 33 44   4A04-83D
0038: 42 2d 43 45 43 32 32 34   B-CEC224
0040: 39 35 44 33 42 37 7d 20   95D3B7}
0048: 52 65 76 69 73 69 6f 6e   Revision
0050: 4e 75 6d 62 65 72 3d 31   Number=1
0058: 30 32 20 00               02 .


Event Type:    Information
Event Source:    USER32
Event Category:    None
Event ID:    1074
Date:        6/17/2007
Time:        3:13:25 AM
User:        NT AUTHORITY\SYSTEM
Computer:    BUDDY
Description:
The process winlogon.exe has initiated the restart of BUDDY for the
following reason: No title for this reason could be found
 Minor Reason: 0x2
 Shutdown Type: reboot
 Comment:

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 02 00 02 80               ...€


Event Type:    Error
Event Source:    ACPI
Event Category:    None
Event ID:    4
Date:        6/17/2007
Time:        3:52:03 AM
User:        N/A
Computer:    BUDDY
Description:
AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This
could lead to system instability. Please contact your system vendor
for technical assistance.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00   ......R.
0008: 00 00 00 00 04 00 05 c0   .......À
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........


Event Type:    Error
Event Source:    ACPI
Event Category:    None
Event ID:    5
Date:        6/17/2007
Time:        3:52:03 AM
User:        N/A
Computer:    BUDDY
Description:
AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This
could lead to system instability. Please contact your system vendor
for technical assistance.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 52 00   ......R.
0008: 00 00 00 00 05 00 05 c0   .......À
0010: 00 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........


Hope this helps! KVM sure helps me!

-- 
Adam Monsen

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Re: Windows XP crash: emulation failed but !mmio_needed?

[Avi Kivity]

[-- Attachment #1: Type: text/plain, Size: 1680 bytes --]

Adam Monsen wrote:
> On 6/19/07, Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org> wrote:
> [...]
>   
>> The virtual machine has spontaneously rebooted, then failed because
>> Windows has (legitimately) overwritten the real-mode task state segment
>> located at the end of memory.  The emulation failure is for an 'out'
>> instruction, which will trap if the tss is not set up correctly.
>>
>> The emulation failure can be fixed by re-initializing the tss, or, even
>> better, moving it beyond RAM, or by fully emulating real mode, but this
>> doesn't say anything about the cause of the reboot.  Is there anything
>> in the Windows event log (accessible using eventvwr.exe?)
>>     
> [...]
>
> I dug through the event log a bit and did find something relevant. All
> timestamps are from Jun 17 2007 PDT.
>
> 03:08:30 - GUEST - Windows Update Agent reports security update
> installed (and I think the update agent might've been set up to
> automatically reboot; I definitely wasn't awake at 3am)
> 03:13:25 - GUEST - winlogon.exe initiated a restart
> 03:13:45 - HOST - emulation failed message
> 03:52:03 - GUEST - ACPI BIOS read error reported
> 03:52:03 - GUEST - ACPI BIOS write error reported
>
> the last log message appears at 04:14:52 (strange since I thought it
> would've died at the time "emulation failed" showed up in the host's
> log), then nothing until 08:35:46 when I manually started up the guest
> VM again.
>
>   

Okay, so Windows shut itself down and hit a kvm bug.  Let's hope the
emulation failure later led to the crash.

The attached patch should fix it.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.


[-- Attachment #2: reinit-tss.patch --]
[-- Type: text/x-patch, Size: 620 bytes --]

diff --git a/drivers/kvm/vmx.c b/drivers/kvm/vmx.c
index b47ddcc..42a9163 100644
--- a/drivers/kvm/vmx.c
+++ b/drivers/kvm/vmx.c
@@ -31,6 +31,8 @@
 MODULE_AUTHOR("Qumranet");
 MODULE_LICENSE("GPL");
 
+static int init_rmode_tss(struct kvm *kvm);
+
 static DEFINE_PER_CPU(struct vmcs *, vmxarea);
 static DEFINE_PER_CPU(struct vmcs *, current_vmcs);
 
@@ -951,6 +953,8 @@ static void enter_rmode(struct kvm_vcpu *vcpu)
 	fix_rmode_seg(VCPU_SREG_DS, &vcpu->rmode.ds);
 	fix_rmode_seg(VCPU_SREG_GS, &vcpu->rmode.gs);
 	fix_rmode_seg(VCPU_SREG_FS, &vcpu->rmode.fs);
+
+	init_rmode_tss(vcpu->kvm);
 }
 
 #ifdef CONFIG_X86_64

[-- Attachment #3: Type: text/plain, Size: 286 bytes --]

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

[-- Attachment #4: Type: text/plain, Size: 186 bytes --]

_______________________________________________
kvm-devel mailing list
kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/kvm-devel