From: Paolo Bonzini
To: Andriy Gapon
Cc: Andreas Färber, Gleb Natapov, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] in_asm substitute for accel=kvm:tcg
Date: Thu, 19 Sep 2013 18:53:26 +0200
Message-ID: <523B2C06.3060309@redhat.com>
In-Reply-To: <523B0BE0.90102@FreeBSD.org>
References: <52383EED.6080602@FreeBSD.org> <52384BF6.5030302@suse.de> <52386855.7080106@FreeBSD.org> <20130917184954.GA5657@redhat.com> <523B0BE0.90102@FreeBSD.org>

On 19/09/2013 16:36, Andriy Gapon wrote:
> Not sure how the code ends up at 0x9315 after that.

Events are dropped, probably corresponding to more emulation.
> And here is original assembly code:
>
> rret_tramp:     movw $MEM_ESPR-0x08,%sp         # Reset stack pointer
>                 pushal                          # Save gp regs
>                 pushl %gs                       # Save
>                 pushl %fs                       #  seg
>                 pushl %ds                       #  regs
>                 pushl %es
>                 pushfl                          # Save %eflags
>                 cli                             # Disable interrupts
>                 std                             # String ops dec
>                 xorw %ax,%ax                    # Reset seg
>                 movw %ax,%ds                    #  regs
>                 movw %ax,%es                    #  (%ss is already 0)
>                 lidt idtdesc                    # Set IDT
>                 lgdt gdtdesc                    # Set GDT
>                 mov %cr0,%eax                   # Switch to protected
>                 inc %ax                         #  mode
>                 mov %eax,%cr0                   #
>                 ljmp $SEL_SCODE,$rret_tramp.1   # To 32-bit code
>                 .code32
> rret_tramp.1:   xorl %ecx,%ecx                  # Zero
>                 movb $SEL_SDATA,%cl             # Setup
>                 movw %cx,%ss                    #  32-bit
>                 movw %cx,%ds                    #  seg
>                 movw %cx,%es                    #  regs
>                 movl MEM_ESPR-0x04,%esp         # Switch to kernel stack
>                 leal 0x44(%esp,1),%esi          # Base of frame
>                 andb $~0x2,tss_desc+0x5         # Clear TSS busy
>                 movb $SEL_TSS,%cl               # Set task
>                 ltr %cx                         #  register
>
> I can provide full logs, etc.
> Please let me know what else I could do.
> Thanks!
> --

1) Can you try loading the kvm_intel module with emulate_invalid_guest_state=0?

2) What are the contents of fs and gs?  Why are they not zeroed?  Perhaps that is causing invalid guest state emulation to run, and then something is triggering a bug in emulate_invalid_guest_state itself.

3) What is at 0x9315?

Paolo
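Paolo's first suggestion as a runnable shell example (added here, not part of the thread): read the current value of the kvm_intel parameter, check the module's refcount so a running guest is not pulled out from under it, and reload with emulate_invalid_guest_state=0. SYSFS_ROOT is an assumption of this example so the read helpers can be exercised against a constructed directory tree; on a real host it is /sys.

```shell
#!/bin/sh
# Added example, not from the thread. SYSFS_ROOT is a hypothetical knob
# (defaults to the real /sys) so the helpers can be tested against a
# constructed tree without touching a live kernel.
SYSFS_ROOT=${SYSFS_ROOT:-/sys}

# Value of one kvm_intel module parameter (bool params show as Y/N),
# or "absent" when the module is not loaded or the name is unknown.
kvm_intel_param() {
    f="$SYSFS_ROOT/module/kvm_intel/parameters/$1"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Module reference count: non-zero means a VM (or another user) still
# holds kvm_intel, so unloading it would fail or disturb a running guest.
kvm_intel_refcnt() {
    f="$SYSFS_ROOT/module/kvm_intel/refcnt"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Succeeds only when nothing holds the module, i.e. a reload is safe.
kvm_intel_reload_safe() {
    [ "$(kvm_intel_refcnt)" -eq 0 ]
}

# Reload kvm_intel with invalid-guest-state emulation turned off.  The
# parameter is read at module load, so an unload/load cycle is required;
# refuse to do it while a guest is running.
kvm_intel_disable_emulation() {
    if ! kvm_intel_reload_safe; then
        echo "kvm_intel in use (refcnt $(kvm_intel_refcnt)); stop all VMs first" >&2
        return 1
    fi
    modprobe -r kvm_intel || return 1
    modprobe kvm_intel emulate_invalid_guest_state=0 || return 1
    echo "emulate_invalid_guest_state is now $(kvm_intel_param emulate_invalid_guest_state)"
}
```

After the reload, the guest can be started again and the in_asm-style trace compared with the run that used the default setting.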