From: Avi Kivity
To: Pekka Enberg
Cc: KVM General
Subject: Re: Problem with KVM guest switching to x86 long mode
Date: Thu, 08 Apr 2010 21:36:03 +0300
Message-ID: <4BBE2213.6020802@redhat.com>

On 04/08/2010 09:26 PM, Pekka Enberg wrote:
> Hi!
>
> I am working on a light-weight KVM userspace launcher for Linux and am a
> bit stuck with a guest Linux kernel restarting when it tries to enter
> long mode.
>
> The register dump looks like this:
>
> penberg@tiger:~/vm$ ./kvm bzImage
> KVM exit reason: 8 ("KVM_EXIT_SHUTDOWN")
> Registers:
>  rip: 00000000001000ed   rsp: 00000000005d54b8   flags: 0000000000010046
>  rax: 0000000080000001   rbx: 0000000001f2c000   rcx: 00000000c0000080
>  rdx: 0000000000000000   rsi: 0000000000013670   rdi: 0000000002408000
>  rbp: 0000000000100000   r8:  0000000000000000   r9:  0000000000000000
>  r10: 0000000000000000   r11: 0000000000000000   r12: 0000000000000000
>  r13: 0000000000000000   r14: 0000000000000000   r15: 0000000000000000
>  cr0: 0000000080000011   cr2: 00000000001000ed   cr3: 0000000002402000
>  cr4: 0000000000000020   cr8: 0000000000000000
> Segment registers:
>  register  selector  base              limit     type  p  dpl  db  s  l  g  avl
>  cs        0010      0000000000000000  ffffffff  0b    1  0    1   1  0  1  0
>  ss        0018      0000000000000000  ffffffff  03    1  0    1   1  0  1  0
>  ds        0018      0000000000000000  ffffffff  03    1  0    1   1  0  1  0
>  es        0018      0000000000000000  ffffffff  03    1  0    1   1  0  1  0
>  fs        0018      0000000000000000  ffffffff  03    1  0    1   1  0  1  0
>  gs        0018      0000000000000000  ffffffff  03    1  0    1   1  0  1  0
>  tr        0020      0000000000001000  00000067  0b    1  0    0   0  0  0  0
>  ldt       0000      0000000000000000  ffffffff  00    0  0    0   0  0  0  0

These all look reasonable. Please add a gdtr dump and an idtr dump.

>   2b:*  cb                    lret     <-- trapping instruction

Post the two u32s at ss:rsp -> ss:rsp+8. That will tell us where the guest is trying to return.

Actually, from the dump:

  1a:   6a 10                   pushq  $0x10
  1c:   8d 85 00 02 00 00       lea    0x200(%rbp),%eax
  22:   50                      push   %rax

it looks like you're returning to segment 0x10; this should be the word at ss:rsp+4. So if you dump the 2 u32s at gdtr.base+0x10..gdtr.base+0x18 we'll see if there's anything wrong with the segment descriptor.

-- 
I have a truly marvellous patch that fixes the bug which this signature is too narrow to contain.
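The two things asked for above, the CS word at ss:rsp+4 and the descriptor at gdtr.base+0x10, are what decides whether the guest's `lret` can land in 64-bit mode at all: with EFER.LME and CR0.PG set but CS.L still 0 the CPU is in compatibility mode, and the far return only switches to 64-bit code if the target descriptor is a present code segment with L=1 and D/B=0. The following is an added example, not code from this thread or from the launcher being discussed: it decodes a GDT entry using the Intel SDM descriptor layout and reports the first reason a far return to that selector cannot enter 64-bit code. The GDT contents and the stack frame are constructed samples, not the guest's memory; the selector layout (0x10 code, 0x18 data, 0x20 TSS) and the return address 0x100200 (rbp = 0x100000 plus the `lea 0x200(%rbp)` in the disassembly) just mirror the dump.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of an 8-byte segment descriptor (Intel SDM vol. 3). The
 * columns of the register dump above (base, limit, type, p, dpl, db, s, l, g,
 * avl) are exactly these fields. */
struct seg_desc {
    uint32_t base;
    uint32_t limit;   /* raw 20-bit limit; scaled by 4K when g == 1 */
    uint8_t type, s, dpl, p, avl, l, db, g;
};

/* lo/hi are the two u32s at gdtr.base + (sel & ~7), low dword first. */
void decode_desc(uint32_t lo, uint32_t hi, struct seg_desc *d)
{
    d->limit = (lo & 0xffffu) | (hi & 0x000f0000u);
    d->base  = (lo >> 16) | ((hi & 0xffu) << 16) | (hi & 0xff000000u);
    d->type  = (hi >> 8) & 0xf;
    d->s     = (hi >> 12) & 1;   /* 1 = code/data, 0 = system (TSS, LDT, gate) */
    d->dpl   = (hi >> 13) & 3;
    d->p     = (hi >> 15) & 1;
    d->avl   = (hi >> 20) & 1;
    d->l     = (hi >> 21) & 1;   /* 64-bit code segment */
    d->db    = (hi >> 22) & 1;   /* default size; must be 0 when l == 1 */
    d->g     = (hi >> 23) & 1;
}

/* Effective limit in bytes, as the dump prints it (ffffffff for a flat 4G segment). */
uint32_t desc_limit_bytes(uint32_t lo, uint32_t hi)
{
    struct seg_desc d;
    decode_desc(lo, hi, &d);
    return d.g ? (d.limit << 12) | 0xfffu : d.limit;
}

enum cs_check {
    CS_OK = 0,
    CS_ERR_LDT,          /* TI bit set: selector indexes the LDT, not the GDT */
    CS_ERR_BEYOND_GDT,   /* index*8 + 7 exceeds gdtr.limit */
    CS_ERR_NOT_CODE,     /* system descriptor, or a data segment */
    CS_ERR_PRIVILEGE,    /* RPL < CPL, or DPL fails the (non)conforming rule */
    CS_ERR_NOT_PRESENT,
    CS_ERR_NOT_LONG,     /* l == 0: lret lands in a 32-bit (compatibility) segment */
    CS_ERR_L_AND_DB,     /* l == 1 together with db == 1 is reserved */
};

/* gdt: the GDT as an array of u32 (gdtr.base); gdt_limit: gdtr.limit. Returns
 * the first reason a far return to `sel` from privilege level `cpl` cannot
 * land in 64-bit code, or CS_OK. The order roughly follows the far-RET checks
 * in the SDM; this is a diagnostic, not a CPU model. */
enum cs_check check_long_mode_cs(const uint32_t *gdt, uint32_t gdt_limit,
                                 uint16_t sel, unsigned cpl)
{
    unsigned rpl = sel & 3, idx = sel >> 3;
    struct seg_desc d;

    if (sel & 4)
        return CS_ERR_LDT;
    if (idx * 8u + 7u > gdt_limit)
        return CS_ERR_BEYOND_GDT;
    decode_desc(gdt[idx * 2], gdt[idx * 2 + 1], &d);
    if (!d.s || !(d.type & 8))
        return CS_ERR_NOT_CODE;
    if (rpl < cpl)
        return CS_ERR_PRIVILEGE;
    if ((d.type & 4) ? d.dpl > rpl : d.dpl != rpl)   /* conforming : nonconforming */
        return CS_ERR_PRIVILEGE;
    if (!d.p)
        return CS_ERR_NOT_PRESENT;
    if (!d.l)
        return CS_ERR_NOT_LONG;
    if (d.db)
        return CS_ERR_L_AND_DB;
    return CS_OK;
}

/* stack: the two u32s at ss:rsp (return EIP at +0, CS selector at +4). */
enum cs_check check_far_ret(const uint32_t *stack, const uint32_t *gdt,
                            uint32_t gdt_limit, unsigned cpl)
{
    return check_long_mode_cs(gdt, gdt_limit, (uint16_t)stack[1], cpl);
}

/* Constructed samples, not the guest's memory. Selector layout mirrors the dump. */
const uint32_t good_gdt[] = {
    0x00000000, 0x00000000,  /* 0x00: null */
    0x00000000, 0x00000000,  /* 0x08: unused */
    0x0000ffff, 0x00af9a00,  /* 0x10: code, DPL 0, L=1 D=0 G=1: enters 64-bit mode */
    0x0000ffff, 0x00cf9200,  /* 0x18: data, D=1 G=1 */
    0x00000000, 0x00808900,  /* 0x20: 64-bit TSS (type 9) */
};
const uint32_t compat_gdt[] = {
    0x00000000, 0x00000000,
    0x00000000, 0x00000000,
    0x0000ffff, 0x00cf9a00,  /* 0x10: code, L=0 D=1: lret stays in compatibility mode */
    0x0000ffff, 0x00cf9200,
};
/* Frame as pushq $0x10 / push %rax leave it, with rbp = 0x100000 from the dump. */
const uint32_t sample_stack[] = { 0x00100200, 0x00000010 };

int main(void)
{
    printf("good gdt:   %d\n", check_far_ret(sample_stack, good_gdt, sizeof good_gdt - 1, 0));
    printf("compat gdt: %d\n", check_far_ret(sample_stack, compat_gdt, sizeof compat_gdt - 1, 0));
    return 0;
}
```

To use it on a real dump, paste the two u32s read at gdtr.base+0x10 and gdtr.base+0x18 into a GDT array at index 2 and the two u32s at ss:rsp into the stack array; the returned code names the descriptor field to look at first.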