Re: New x86-Setup code breaks HVM-XEN boot

[Christian Ehrhardt <lk@c--e.de>]

Hi,

On Thu, Aug 30, 2007 at 07:49:26AM -0700, H. Peter Anvin wrote:
> Christian Ehrhardt wrote:
> >
> >Note the the xm console command terminates on its own, i.e. the guest
> >machine seems to halt and not hang somewhere.
> >
> >I could verify that the real mode code up to the assembly code in
> >pmjump.S is in fact executed. The problem appears to occur while
> >enabling protected mode. I tried to put endless loops into the 32-bit
> >setup code but these were apparently not reached. As far as I understand
> >this, the protected mode jump in pmjump.S seems to jump into nowhere.
> >
> >I am willing to do tests with the XEN guest and send any additional
> >information that might be helpful. However, I cannot change the XEN host
> >at this time.
> >
> >Any suggestions? 
> >
> 
> All of this point to a bug in the Xen emulation host.  You're not saying 
>  if you're on an Intel or AMD host, but on Intel, hardware 
> virtualization doesn't actually kick in until you're in protected mode 
> with all segments configured properly.  This means all of pmjump.S runs 
> in an interpreter.  A bug in that interpreter would cause what you observe.

I took the trouble to bisect (manually) exactly which change in the new
boot code triggers this problem.

The problem is with the lgdt instruction. Apparently XEN does not keep
the contents of the 48-bit gdt_48 data structure that is passed to lgdt
in the XEN machine state. Instead it appears to save the _address_ of the
48-bit descriptor somewhere. Unfortunately this data happens to reside on the
stack and is probably no longer availiable at the time of the actual
protected mode jump.

This is most likely a XEN-bug but given that there is a on line patch
to work around this problem, the linux kernel should probably do this.
My fix is to make the gdt_48 description in setup_gdt static (in
setup_idt this is already the case). This allows the kernel to boot under
XEN-hvm again.

Sometimes it is a bit disappointing if quite some debuggin work results
in a on line patch :-) Pleae consider applying.

    regards   Christian

Signed-off-by: Christian Ehrhardt <lk@c--e.de>

diff --git a/arch/i386/boot/pm.c b/arch/i386/boot/pm.c
index 6be9ca8..f7958f1 100644
--- a/arch/i386/boot/pm.c
+++ b/arch/i386/boot/pm.c
@@ -122,7 +122,7 @@ static void setup_gdt(void)
 		/* DS: data, read/write, 4 GB, base 0 */
 		[GDT_ENTRY_BOOT_DS] = GDT_ENTRY(0xc093, 0, 0xfffff),
 	};
-	struct gdt_ptr gdt;
+	static struct gdt_ptr gdt;
 
 	gdt.len = sizeof(boot_gdt)-1;
 	gdt.ptr = (u32)&boot_gdt + (ds() << 4);