From: wogiz@openmailbox.org
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: "Mihai Donțu" <mihai.dontu@gmail.com>, xen-devel@lists.xen.org
Subject: Re: Bug in x86 instruction emulator?
Date: Thu, 07 Apr 2016 03:26:29 +0200
Message-ID: <79866f85c99f49afd823a2b00e00505e@openmailbox.org>
In-Reply-To: <5704CEF4.2050308@citrix.com>
On 2016-04-06 10:55, Andrew Cooper wrote:
> On 06/04/16 00:57, Mihai Donțu wrote:
>> On Wed, 06 Apr 2016 01:38:32 +0200 wogiz@openmailbox.org wrote:
>>> I'm running Xen 4.6.1 with Alpine Linux 3.3.3 in dom0. In a HVM domU
>>> with vga="qxl", Xorg will segfault instantly when started. Multiple
>>> Linux distros have been tested and Xorg segfaults in all.
>>>
>>> Attached are a full backtrace from domU generated by Xorg, and an
>>> assembler dump of function 'sse2_blt'.
>>>
>>> According to Xen IRC channel, the cause could be a bug in the x86
>>> instruction emulator related to SSE.
>> I don't believe the x86 emulator is complete wrt the SSE instruction
>> set. But I do wonder why, in your case, these instructions need
>> emulation at all. Unless touching the video RAM requires emulation.
>> Can you try using a different video driver? I see xorg picked up qxl,
>> maybe try vesa?
>>
>
> Now I think about it, even dirty VRAM tracking shouldn't actually
> emulate the instructions.
>
> Can you grab the full register state at the point of Xorg's crash?
> `info regs` in gdb?
>
> The instruction in use, `movaps`, is specified to fault if the memory
> operand isn't aligned on a 16-byte boundary. Therefore, if %rax in this
> case isn't a multiple of 16, this is a code generation bug, rather than
> an emulation bug.
>
> ~Andrew
Attached is the full register state.
I'm very interested in getting to the bottom of this, so please let me
know if I can do anything to help.
Attachment: register-state.txt
(gdb) info registers
rax 0xf1fe000001e000 68114745340846080
rbx 0x9 9
rcx 0xfffffc00 4294966272
rdx 0x222222 2236962
rsi 0x7fc650541000 140489727938560
rdi 0x7fc65b3ee420 140489911100448
rbp 0x16 0x16
rsp 0x7ffcad040b58 0x7ffcad040b58
r8 0x400 1024
r9 0x20 32
r10 0x20 32
r11 0x9 9
r12 0x4 4
r13 0xffffffff 4294967295
r14 0x55dff82d8820 94420429801504
r15 0x55dff82d80c0 94420429799616
rip 0x7fc65c3d5626 0x7fc65c3d5626 <sse2_blt+1159>
eflags 0x13206 [ PF IF #12 #13 RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
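As an added illustration (not code from this thread or from Xen), the following Python helper parses gdb `info registers` output in the format of the attachment above and applies the alignment test Andrew describes to the base register, assumed here to be %rax as in his message. The dump embedded in the block is copied from the attachment; the actual operand form of the `movaps` is not on the page, so only the base register is checked.

```python
import re

# Register dump copied from the attachment above (gdb `info registers`, x86-64).
GDB_INFO_REGISTERS = """\
rax 0xf1fe000001e000 68114745340846080
rbx 0x9 9
rcx 0xfffffc00 4294966272
rsi 0x7fc650541000 140489727938560
rdi 0x7fc65b3ee420 140489911100448
rsp 0x7ffcad040b58 0x7ffcad040b58
rip 0x7fc65c3d5626 0x7fc65c3d5626 <sse2_blt+1159>
eflags 0x13206 [ PF IF #12 #13 RF ]
"""

# One register per line: name, hex value, then decimal or symbolised value.
_REG_LINE = re.compile(r"^\s*([a-z0-9]+)\s+(0x[0-9a-fA-F]+)\s+(.*)$")


def parse_info_registers(text):
    """Return {register_name: int_value} from gdb `info registers` output.

    Only the hex column is used; the trailing column (decimal value, a
    repeated hex pointer, or a symbol such as <sse2_blt+1159>) is ignored.
    """
    regs = {}
    for line in text.splitlines():
        m = _REG_LINE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def is_aligned(value, alignment=16):
    """movaps/movapd require their memory operand to be 16-byte aligned."""
    return value % alignment == 0


def check_movaps_base(regs, base="rax", alignment=16):
    """Apply the check from the thread: a base register that is not a
    multiple of 16 means the CPU itself would raise the alignment fault
    (a code-generation issue), independent of any instruction emulation."""
    addr = regs[base]
    aligned = is_aligned(addr, alignment)
    return {"base": base, "address": addr, "aligned": aligned,
            "hw_fault_expected": not aligned}


if __name__ == "__main__":
    print(check_movaps_base(parse_info_registers(GDB_INFO_REGISTERS)))
```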
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel