WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Real-mode bug with AMD, gPXE, and 32-bit rep movs

from [George Dunlap] [Permanent Link][Original]
To: "Huang2, Wei" <Wei.Huang2@xxxxxxx>, Christoph Egger <Christoph.Egger@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Real-mode bug with AMD, gPXE, and 32-bit rep movs
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Thu, 26 Mar 2009 12:25:15 +0000
Cc:
Delivery-date: Thu, 26 Mar 2009 05:26:42 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=n6U6w7I8eNTO9sDKbIALvKZwOtpDJ9Fu7zhRQs97q24=; b=Tzjq3Nr+ynv4rVlRIQeK53l40aZMz0IUf1k59+WSbyk401PdVeMLkI/jDzHZb0INwa qEdO99DwEGTVbTQ4qwmz9hfgPT9kGvkRQIyGCHYBK6EOemmGMuglls6KEHtxWqtfdSwN SfjJtROHySGSKJcjSN1HJPK/Hqd8aoq0D4NLU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; b=b8VeZz77r152XaFlx7IBSIqVgfhYMfFXTEwXZyVWx+FviHBgSjsl33wV4PDzVJPmNc xxEkCw7k2zGiBvNUXyHJEMsWnb8SUy0zoIK87dM5oKeMi7w+w+6cUwHfxjpPQcu9+1N2 AAwTWfwHvE0UYCuO+Fi2rvosShl31lNXLLIOk=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
With recent builds of -unstable, I've been unable to get an HVM domain
to boot on an AMD box with the virtual network card enabled.  The same
exact binaries work on an intel box just fine.

The problem turns out to be with the handling of a 32-bit rep MOVS
instruction in the 16-bit gPXE initialization code.  The offending
code is here:

f3 67 a4 66 89 3e 7b 02

nasm interprets it this way:

00000000  F3                db 0xF3
00000001  67A4              a32 movsb
00000003  66893E7B02        a32 mov [0x27b],edi

In other words, a 32-bit rep movs in 16-bit mode.  (gPXE appeas to be
copying itself from where it was installed at 0xc9000 to somewhere
higher in memory, 0x200000.  Not clear why it wants to do that.)

On Intel boxes, the code causes a #GP (not surprisingly), and the
emulator handles it successfully.

On AMD boxes (at least two of them), this causes a #GP (surprisingly).
That calls to the BIOS "null trap handler", which simply does an iret,
causing a busy loop.

There are three possibilities I came up with:
1) The same thing would happen outside of SVM; in which case it's
(sort of) a gPXE bug for using an instruction that won't work on AMD
boxes.
2) Xen is subtly screwing up the VM state, causing the AMD hardware
not to recognize that this shouldn't cause a #GP
3) AMD hardware (at least some of it) doesn't handle 32-bit rep movs
instructions in 16-bit mode.

If it's #1, we should try to build gPXE without the 32-bit instructions

If it's #2, we need to track down what state is being corrupted by Xen.

If it's #3, the simplest solution is probably to take vmexits on GP
faults and attempt to emulate the instruction if we're in real mode,
as we do for vmx.

Wei, Christoph: any ideas?

The cpuid output of the two boxes I've tried this on is below.

Thanks,
 -George Dunlap

[elite]
processor       : 0

vendor_id       : AuthenticAMD

cpu family      : 16

model           : 2

model name      : Quad-Core AMD Opteron(tm) Processor 2352

stepping        : 3

cpu MHz         : 2094.850

cache size      : 512 KB

fdiv_bug        : no

hlt_bug         : no

f00f_bug        : no

coma_bug        : no

fpu             : yes

fpu_exception   : yes

cpuid level     : 5

wp              : yes

flags           : fpu de tsc msr pae cx8 apic mtrr cmov pat clflush mmx fxsr
sse sse2 ht syscall nx mmxext fxsr_opt 3dnowext 3dnow constant_tsc pni
cmp_legacy cr8legacy ts ttp tm stc [6] [7] [8]

bogomips        : 4190.72


[dakota]processor       : 0

vendor_id       : AuthenticAMD

cpu family      : 15

model           : 65

model name      : Dual-Core AMD Opteron(tm) Processor 2218

stepping        : 2

cpu MHz         : 2593.560

cache size      : 1024 KB

fdiv_bug        : no

hlt_bug         : no

f00f_bug        : no

coma_bug        : no

fpu             : yes

fpu_exception   : yes

cpuid level     : 1

wp              : yes

flags           : fpu de tsc msr pae mce cx8 apic mtrr mca cmov pat clflush mmx
fxsr sse sse2 ht nx mmxext fxsr_opt 3dnowext 3dnow pni cmp_legacy
cr8legacy ts fid vid ttp tm stc

bogomips        : 5188.45

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [Patch] don't spin with irq disabled, Jan Beulich
Next by Date:  Re: [Xen-devel] [Patch] don't spin with irq disabled, Juergen Gross
Previous by Thread:  [Xen-devel] [PATCH] ioemu: a bunch of fixes, Christoph Egger
Next by Thread:  Re: [Xen-devel] Real-mode bug with AMD, gPXE, and 32-bit rep movs, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy