From: Avi Kivity <avi@qumranet.com>
To: Mohammed Gamal <m.gamal005@gmail.com>
Cc: kvm-devel <kvm@vger.kernel.org>
Subject: Re: Problem in real mode test harness.
Date: Tue, 26 Aug 2008 19:08:56 +0300 [thread overview]
Message-ID: <48B42A98.5000501@qumranet.com> (raw)
In-Reply-To: <48B42909.1060405@qumranet.com>
Avi Kivity wrote:
> Mohammed Gamal wrote:
>> When trying to run the real mode test harness with
>> emulate_invalid_guest_state=1, it crashes with a #GP exception; here
>> is the output:
>> ---
>> exception 13 (0)
>> rax 00000000c03104d2 rbx 0000000000000000 rcx 0000000031664000 rdx 0000000000001000
>> rsi 0000000000000001 rdi 0000000000000000 rsp 0000000000020000 rbp 0000000000000000
>> r8 0000000000000000 r9 0000000000000000 r10 0000000000000000 r11 0000000000000000
>> r12 0000000000000000 r13 0000000000000000 r14 0000000000000000 r15 0000000000000000
>> rip 0000000000100010 rflags 00010006
>> cs 0008 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type b l 0 g 1 avl 0)
>> ds 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
>> es 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
>> ss 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
>> fs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
>> gs 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
>> tr 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type b l 0 g 0 avl 0)
>> ldt 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 0 type 2 l 0 g 0 avl 0)
>> gdt f0110/17
>> idt 0/7ff
>> cr0 60000011 cr2 0 cr3 0 cr4 0 cr8 0 efer 0
>> code: 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 --> 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01
>> ---
>>
>> I wanted to take a look at the emulated instruction, so I added some
>> logging to the kvm-intel module; here is the dmesg output:
>> [11343.221039] emulation failed (emulation success) rip f00de 66 b8 10 00
>> [11343.221039] emulation failed (emulation success) rip f00e2 8e d8 8e c0
>> [11343.222936] emulation failed (emulation success) rip f00e4 8e c0 8e e0
>> [11343.222936] emulation failed (emulation success) rip f00e6 8e e0 8e e8
>> [11343.222936] emulation failed (emulation success) rip f00e8 8e e8 8e d0
>> [11343.222936] emulation failed (emulation success) rip f00ea 8e d0 bc 00
>> [11343.222936] emulation failed (emulation success) rip f00ec bc 00 00 02
>> [11343.222936] emulation failed (emulation success) rip f00f1 ea 00 00 10
>> [11343.222936] emulation failed (emulation success) rip 100000 b8 d2 04 31
>> [11343.222936] emulation failed (emulation success) rip 100005 8e d8 8e c0
>> [11343.222936] emulation failed (emulation success) rip 100007 8e c0 8e d0
>> [11343.222936] emulation failed (emulation success) rip 100009 8e d0 b9 00
>> [11343.222936] emulation failed (emulation success) rip 10000b b9 00 40 66
>> [11343.222936] emulation failed (emulation success) rip 100010 f6 66 89 f7
>> [11343.222936] emulation failed (emulation failure) rip 100010 f6 66 89 f7
>> ---
>> (Note: I am using kvm_report_emulation_failure() to report all
>> emulated instructions even those which succeeded)
>>
>> Looking at the instruction sequence, it corresponds to the following
>> sequence in realmode.c:
>> asm(
>> ".data \n\t"
>> ". = . + 4096 \n\t"
>> "stacktop: \n\t"
>> ".text \n\t"
>> "init: \n\t"
>> "xor %ax, %ax \n\t"
>> "mov %ax, %ds \n\t"
>> "mov %ax, %es \n\t"
>> "mov %ax, %ss \n\t"
>> "mov $0x4000, %cx \n\t"
>> "xor %esi, %esi \n\t"
>>
>> We fail at the xor %esi, %esi instruction. I thought at first it
>> might be an emulation problem with xor, so I changed the instruction
>> to mov $0, %esi and we still fail. Another strange thing is that the
>> emulator reads the opcode for the xor and mov instructions, but fails when
>> reading the operands. I looked at the emulator code but it looks OK,
>> so why is the exception generated?
>
> It looks like we actually fail at the mov insn. The insn is (rip
> 10000b):
>
> b9 00 40 mov $0x4000,%cx
>
> three bytes long, so next rip should be 10000e, but it reads 5 bytes
> and ends up in 100010.
>
> I don't understand what the code is doing in that address range
> anyway. Looks like it accidentally switched to 32-bit protected mode
> somehow. Are you running realmode.c as is, or patched?
>
Oh, you're running it with bootstrap.flat, are you? That enters 32-bit
protected mode, while this code expects to run from a real mode context.
Use:
user/kvmctl user/test/x86/realmode.flat
--
error compiling committee.c: too many arguments to function
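To make Avi's byte-count argument concrete, here is an added Python sketch (not code from this thread, from kvm, or from realmode.c) that decodes the bytes at 10000b from the dmesg trace once with a 16-bit and once with a 32-bit default operand size; the byte string is constructed from the rip/byte pairs in the log, and the decoder handles only the handful of opcodes that sequence uses. With the wrong default the decoder consumes a 4-byte immediate, lands on 100010 and reproduces the rcx value 31664000 from the register dump.

```python
# Constructed from the dmesg lines: 10000b: b9 00 40 66 | 100010: f6 66 89 f7
CODE = bytes.fromhex("b9 00 40 66 31 f6 66 89 f7")
BASE = 0x10000B

REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REGS32 = ["e" + r for r in REGS16]


def decode_one(code, off, default32):
    """Decode one instruction at code[off:].

    default32 models the CS.D bit: True for a 32-bit code segment.
    Returns (length, AT&T text, {register: immediate written}).
    Supports only 0x66 prefix, mov imm (b8+r), and the register
    forms of xor (31 /r) and mov (89 /r): enough for the trace above.
    """
    i, opsize32 = off, default32
    while i < len(code) and code[i] == 0x66:   # operand-size override
        opsize32 = not opsize32                 # flips the segment default
        i += 1
    op = code[i]
    i += 1
    regs, width = (REGS32, 4) if opsize32 else (REGS16, 2)
    if 0xB8 <= op <= 0xBF:                      # mov $imm16/32, %reg
        if i + width > len(code):
            raise ValueError("truncated immediate")
        imm = int.from_bytes(code[i:i + width], "little")
        reg = regs[op - 0xB8]
        return i + width - off, f"mov ${imm:#x},%{reg}", {reg: imm}
    if op in (0x31, 0x89):                      # xor/mov %reg,%r/m
        modrm = code[i]
        i += 1
        if modrm >> 6 != 3:
            raise NotImplementedError("memory operand form not handled")
        src, dst = regs[(modrm >> 3) & 7], regs[modrm & 7]
        return i - off, f"{'xor' if op == 0x31 else 'mov'} %{src},%{dst}", {}
    raise NotImplementedError(f"opcode {op:#x} not handled")


def trace(code, base, default32, limit):
    """Decode up to limit instructions, stopping at the first undecodable one."""
    out, off = [], 0
    while off < len(code) and len(out) < limit:
        try:
            length, text, _ = decode_one(code, off, default32)
        except NotImplementedError as exc:
            out.append((base + off, f"<undecodable: {exc}>"))
            break
        out.append((base + off, text))
        off += length
    return out


if __name__ == "__main__":
    for mode, flag in (("16-bit (real mode)", False), ("32-bit (CS.D=1)", True)):
        print(mode)
        for addr, text in trace(CODE, BASE, flag, 3):
            print(f"  {addr:x}: {text}")
```

Run as a script it prints both decodings side by side; the 32-bit pass stops exactly where the emulator in the log gave up.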
2008-08-26 15:54 Problem in real mode test harness Mohammed Gamal
2008-08-26 16:02 ` Avi Kivity
2008-08-26 16:08 ` Avi Kivity [this message]