From: Jan Kiszka
Subject: Re: Unhandled vm exit with old protected mode test
Date: Mon, 19 Nov 2007 10:21:45 +0100
Message-ID: <474155A9.6030804@siemens.com>
In-Reply-To: <4740146D.5040203-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
References: <473D61D7.5050303@siemens.com> <4740146D.5040203@qumranet.com>
To: Avi Kivity
Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: kvm.vger.kernel.org

Avi Kivity wrote:
> Jan Kiszka wrote:
>> Hi,
>>
>> running some oldish 286 protected mode demo in kvm, I came across this
>> bug of kvm-52:
>>
>> unhandled vm exit: 0x80000021 vcpu_id 0
>> ds 0000 (00100000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>>
>
> ds.base must equal ds.sel<<4 when entering real-mode on Intel. See
> fix_rmode_seg() in vmx.c which clearly doesn't handle cases where
> ds.base >= 0x100000. You might try forcing bits 20+ of ds.base to zero
> in there. This may fix the problem or move it elsewhere.
>

Yeah, this actually fixed my test case:

Ensure that segment.base == segment.selector << 4 when entering the real
mode on Intel so that the CPU will not bark at us.

Signed-off-by: Jan Kiszka

---
 kernel/vmx.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: kvm-52/kernel/vmx.c
===================================================================
--- kvm-52.orig/kernel/vmx.c
+++ kvm-52/kernel/vmx.c
@@ -1159,12 +1159,14 @@ static gva_t rmode_tss_base(struct kvm * static void fix_rmode_seg(int seg, struct kvm_save_segment *save) { struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg]; + unsigned base; save->selector = vmcs_read16(sf->selector); - save->base = vmcs_readl(sf->base); + save->base = base = vmcs_readl(sf->base); save->limit = vmcs_read32(sf->limit); save->ar = vmcs_read32(sf->ar_bytes); - vmcs_write16(sf->selector, vmcs_readl(sf->base) >> 4); + vmcs_write16(sf->selector, base >> 4); + vmcs_write32(sf->base, base & 0xfffff); vmcs_write32(sf->limit, 0xffff); vmcs_write32(sf->ar_bytes, 0xf3); }
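Review bot: `unsigned base` narrows the value coming out of `vmcs_readl()` (an `unsigned long` on 64-bit hosts, as the `l` suffix suggests), and because `save->base = base = vmcs_readl(sf->base)` assigns through that narrower temporary, the saved copy that is later used to restore the segment when leaving real mode also loses any bits above 31, where the old `save->base = vmcs_readl(sf->base)` kept them. Declaring `unsigned long base;` keeps the saved value intact while `base & 0xfffff` still yields the 20-bit real-mode base. It would also read more clearly to mask once and derive both VMCS fields from the masked value, e.g. `base &= 0xfffff;` followed by `vmcs_write16(sf->selector, base >> 4);` and `vmcs_write32(sf->base, base);`, since as written `base >> 4` on a base at or above 0x100000 only agrees with the masked base because `vmcs_write16()` drops the high bits; a one-line comment stating that this mask is what enforces the VMX rule base == selector << 4 for real mode would save the next reader a trip to the SDM.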