From: Avi Kivity
Subject: Re: Cygwin bash's built-in test command crashes on Windows 2008 Server 64bit under KVM
Date: Fri, 13 Feb 2009 22:01:04 +0200
Message-ID: <4995D180.9000706@redhat.com>
References: <40ddf2480901050654y268213d1jbf34f9d81d6faeb0@mail.gmail.com> <40ddf2480901050822q52a9c2b6x5d5d87d17dec4992@mail.gmail.com> <49788A80.2070403@redhat.com> <87bptgnykd.fsf@fftw.org>
In-Reply-To: <87bptgnykd.fsf@fftw.org>
To: Matteo Frigo
Cc: kvm@vger.kernel.org
List-ID: kvm@vger.kernel.org

Matteo Frigo wrote:
> Avi Kivity writes:
>
>> - add a watchpoint to break when the value of gs:[0x30] changes
>
> It seems that the problem can be reproduced by compiling the following
> simple program using cygwin's gcc. The program crashes on w2k3-amd64
> on kvm-83 on core2-duo, and it does not crash on the same w2k3-amd64
> installation on kvm-83 on AMD Phenom.
>
> #include <setjmp.h>
>
> jmp_buf env;
>
> int main(void)
> {
>     /* first pass: setjmp() returns 0 and we fall through to longjmp();
>      * the longjmp() makes setjmp() return 1 and main() exits */
>     if (setjmp(env))
>         return 0;
>     longjmp(env, 1);
> }
>
> The problem seems to be in the instruction ``mov gs,ax'' (Intel
> syntax) in the longjmp() code. If I let the virtual machine execute
> the instruction, the program crashes. However, if I step over the
> instruction using the vs2008 debugger, the program completes without
> crashing. Thus, I think that this is the instruction that Avi is
> looking for, but I don't know how to proceed from here.
>

I've decoded the global descriptor table for this, and I get:

(qemu) xp/14x 0x266b000
000000000266b000: 0x00000000 0x00000000 0x00000000 0x00000000
000000000266b010: 0x00000000 0x00209b00 0x0000ffff 0x00cf9300
000000000266b020: 0x0000ffff 0x00cffb00 0x0000ffff 0x00cff300
000000000266b030: 0x00000000 0x0020fb00

The entry for gs is at offset 0x28, and has base set to 0, which is
consistent with the crash.

Can you rerun on AMD, but add npt=0 as a kvm-amd module parameter? This
will determine if this is an mmu bug or kvm-intel bug.

-- 
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
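The descriptor decode that the message does by hand, written out as a program. This is an added example, not code from the original thread or from KVM/qemu. It takes the fourteen dwords exactly as the qemu monitor printed them above and splits each 8-byte entry into its base, limit, access byte and flags nibble following the standard x86 segment descriptor layout, so the claim that the entry at offset 0x28 has base 0 can be checked mechanically. The function and struct names (gdt_entry, seg_desc, desc_dpl and so on) are mine and assumed; nothing else is.

```c
#include <stdint.h>
#include <stdio.h>

/* The 14 dwords from "(qemu) xp/14x 0x266b000" in the message above
 * (copied from the page, not constructed). Each descriptor is two dwords. */
static const uint32_t gdt_dump[] = {
    0x00000000, 0x00000000, 0x00000000, 0x00000000,
    0x00000000, 0x00209b00, 0x0000ffff, 0x00cf9300,
    0x0000ffff, 0x00cffb00, 0x0000ffff, 0x00cff300,
    0x00000000, 0x0020fb00,
};
#define GDT_DWORDS (sizeof(gdt_dump) / sizeof(gdt_dump[0]))

struct seg_desc {
    uint32_t base;    /* 32-bit base assembled from its three scattered fields */
    uint32_t limit;   /* raw 20-bit limit, before granularity scaling */
    uint8_t  access;  /* P(7) DPL(6:5) S(4) type(3:0) */
    uint8_t  flags;   /* G(3) D/B(2) L(1) AVL(0) */
};

/* Decode one 8-byte descriptor from its low and high dword. */
static struct seg_desc decode_desc(uint32_t lo, uint32_t hi)
{
    struct seg_desc d;
    d.limit  = (lo & 0xffffu) | (((hi >> 16) & 0xfu) << 16);
    d.base   = (lo >> 16) | ((hi & 0xffu) << 16) | (hi & 0xff000000u);
    d.access = (uint8_t)((hi >> 8) & 0xffu);
    d.flags  = (uint8_t)((hi >> 20) & 0xfu);
    return d;
}

/* Look a selector up in the dumped GDT. Bits 15:3 index the table, bit 2 is
 * TI (1 = LDT, not in this dump), bits 1:0 are the RPL and are ignored.
 * Anything we cannot resolve comes back all-zero, i.e. not present. */
struct seg_desc gdt_entry(uint16_t selector)
{
    struct seg_desc none = {0, 0, 0, 0};
    unsigned idx = selector >> 3;
    if (selector & 0x4)
        return none;
    if (idx * 2 + 1 >= GDT_DWORDS)
        return none;
    return decode_desc(gdt_dump[idx * 2], gdt_dump[idx * 2 + 1]);
}

int desc_present(struct seg_desc d) { return (d.access >> 7) & 1; }
int desc_dpl(struct seg_desc d)     { return (d.access >> 5) & 3; }
int desc_is_code(struct seg_desc d) { return (d.access & 0x18) == 0x18; }
int desc_is_long(struct seg_desc d) { return (d.flags >> 1) & 1; }

int main(void)
{
    for (unsigned off = 0; off + 8 <= GDT_DWORDS * 4; off += 8) {
        struct seg_desc d = gdt_entry((uint16_t)off);
        printf("offset 0x%02x: base=0x%08x limit=0x%05x access=0x%02x "
               "flags=0x%x P=%d DPL=%d %s%s\n",
               off, d.base, d.limit, d.access, d.flags,
               desc_present(d), desc_dpl(d),
               desc_is_code(d) ? "code" : "data",
               desc_is_long(d) ? " L" : "");
    }
    return 0;
}
```

Running it prints one line per entry; the one at offset 0x28 decodes to base 0, limit 0xfffff, access 0xf3 (present, DPL 3, writable data) with flags 0xc, which is exactly the reading given above. The base field of a descriptor is only 32 bits wide and is zero here, and a `mov gs,ax` that reloads the segment register takes the new hidden base from this descriptor, so the decode is the check to do before looking anywhere else.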