nops in virtual pc x86

nops in virtual pc x86

[David Sanders]

Well, I thought we determined that multibyte nops were causing virtual pc to 
die and removing them made it work fine.  Then why do I see this
$ cat /proc/cpuinfo | grep nopl

flags           : fpu vme pse tsc msr pae cx8 sep pge cmov acpi mmx fxsr sse 
sse2 constant_tsc up nopl lahf_lm
             
It seems the detection code in common.c is saying nops are supported.  Huh?

SO I ran this code:
#include <stdio.h>
#include <time.h>

int main()
{
	unsigned char nopl1[2] = { 0x90, 0xc3 };
	unsigned char nopl2[3] = { 0x66, 0x90, 0xc3 };
	unsigned char nopl3[4] = { 0x0f, 0x1f, 0x00, 0xc3 };
	unsigned char nopl4[5] = { 0x0f, 0x1f, 0x40, 0x00, 0xc3 };
	unsigned char nopl5[6] = { 0x0f, 0x1f, 0x44, 0x00, 0x00, 0xc3 };
	unsigned char nopl6[7] = { 0x66, 0x0f, 0x1f, 0x44, 0x00, 0x00, 0xc3 };
	unsigned char nopl7[8] = { 0x0f, 0x1f, 0x80, 0x00, 0x00, 0x00, 0x00, 0xc3 };
	unsigned char nopl8[9] = { 0x0f, 0x1f, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 
0xc3 };
	
	int i;
	for (i=0;i<100000;i++) {
		((void (*)()) nopl1)();
		((void (*)()) nopl2)();
		((void (*)()) nopl3)();
		((void (*)()) nopl4)();
		((void (*)()) nopl5)();
		((void (*)()) nopl6)();
		((void (*)()) nopl7)();
		((void (*)()) nopl8)();
	}
	
	printf("Executed 800,000 NOPLs in %d ticks with no errors.\n", clock());
	return 0;
}

It seems I can run 800000 nopl's without anyone complaining in user space.

Could it perhaps depend on the context the nops appear in?

Re: nops in virtual pc x86

[H. Peter Anvin]

David Sanders wrote:
> 
> Could it perhaps depend on the context the nops appear in?
> 

Almost certainly.  Most likely it's broken in the Virtual PC 
interpreter, but anything that is executed natively works.

	-hpa

Re: nops in virtual pc x86

[Linus Torvalds]

On Fri, 12 Sep 2008, David Sanders wrote:
>
> Well, I thought we determined that multibyte nops were causing virtual pc to 
> die and removing them made it work fine.  Then why do I see this
> $ cat /proc/cpuinfo | grep nopl
> 
> flags           : fpu vme pse tsc msr pae cx8 sep pge cmov acpi mmx fxsr sse 
> sse2 constant_tsc up nopl lahf_lm
>              
> It seems the detection code in common.c is saying nops are supported.  Huh?

Because the _native_ CPU handles them quite well.

> SO I ran this code:

.. in user space.

The thing is, afaik, Virtual PC will happily let the CPU execute all the 
user-space instructions, and thus they all work as well as if they were 
running on real hardware - since they _do_ run on real hardware.

But it is probably the case that Virtual PC will then do some "security 
checking" of any system code, possibly by JIT'ing it or just interpreting 
it, since it can't let the kernel run natively with privileges. That's 
what VMware does too, since older CPU's don't have virtualization support 
for ring0 programs.

And _that_ is presumably buggy, and never learnt about the "new" 
instructions in the PPro.

		Linus

Re: nops in virtual pc x86

[H. Peter Anvin]

Linus Torvalds wrote:
> 
> The thing is, afaik, Virtual PC will happily let the CPU execute all the 
> user-space instructions, and thus they all work as well as if they were 
> running on real hardware - since they _do_ run on real hardware.
> 
> But it is probably the case that Virtual PC will then do some "security 
> checking" of any system code, possibly by JIT'ing it or just interpreting 
> it, since it can't let the kernel run natively with privileges. That's 
> what VMware does too, since older CPU's don't have virtualization support 
> for ring0 programs.
> 
> And _that_ is presumably buggy, and never learnt about the "new" 
> instructions in the PPro.
> 

Actually, it's apparently worse than that.  The NOPL probe instruction 
for dynamic testing gets executed in kernel space, and passes! 
Apparently at that point (and beyond) it is okay, though.

Microsoft quality stuff.

	-hpa

Re: nops in virtual pc x86

[David Sanders]

On Friday 12 September 2008 18:04, Linus Torvalds wrote:
> On Fri, 12 Sep 2008, David Sanders wrote:
> > Well, I thought we determined that multibyte nops were causing virtual pc
> > to die and removing them made it work fine.  Then why do I see this $ cat
> > /proc/cpuinfo | grep nopl
> >
> > flags           : fpu vme pse tsc msr pae cx8 sep pge cmov acpi mmx fxsr
> > sse sse2 constant_tsc up nopl lahf_lm
> >
> > It seems the detection code in common.c is saying nops are supported. 
> > Huh?
>
> Because the _native_ CPU handles them quite well.
>
> > SO I ran this code:
>
> .. in user space.
>
> The thing is, afaik, Virtual PC will happily let the CPU execute all the
> user-space instructions, and thus they all work as well as if they were
> running on real hardware - since they _do_ run on real hardware.
>
> But it is probably the case that Virtual PC will then do some "security
> checking" of any system code, possibly by JIT'ing it or just interpreting
> it, since it can't let the kernel run natively with privileges. That's
> what VMware does too, since older CPU's don't have virtualization support
> for ring0 programs.
>
> And _that_ is presumably buggy, and never learnt about the "new"
> instructions in the PPro.
>
> 		Linus
And even stranger, the same program won't run on the host OS because of data 
execution prevention.

I reported the problem to Microsoft, they say they are aware of it and working 
on a resolution.

Re: nops in virtual pc x86

[H. Peter Anvin]

David Sanders wrote:
> And even stranger, the same program won't run on the host OS because of data 
> execution prevention.

Not strange at all.  It means Virtual PC just doesn't handle the NX bit 
right.

> I reported the problem to Microsoft, they say they are aware of it and working 
> on a resolution.

Virtual Server 2007 fixed some of these issues (over VS 2005, which had 
the same problems.)

	-hpa