|
xen-devel
Re: [Xen-devel] Real-mode bug with AMD, gPXE, and 32-bit rep movs
|
To: |
Tim Deegan <Tim.Deegan@xxxxxxxxxx> |
|
Subject: |
Re: [Xen-devel] Real-mode bug with AMD, gPXE, and 32-bit rep movs |
|
From: |
George Dunlap <George.Dunlap@xxxxxxxxxxxxx> |
|
Date: |
Mon, 30 Mar 2009 16:02:23 +0100 |
|
Cc: |
"Huang2, Wei" <Wei.Huang2@xxxxxxx>, Christoph Egger <Christoph.Egger@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <Keir.Fraser@xxxxxxxxxxxxx> |
|
Delivery-date: |
Mon, 30 Mar 2009 08:03:36 -0700 |
|
Dkim-signature: |
v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=iQRIf6ye+8D2OhnFWYmge7TNvKubqlNAiztrgFmc8v4=; b=fa8q1vCao72Tfm9aX5eaPsvTpzFLrZXlpzLoSegs12i1003TLjFB6PTdj2CSlNofLP ShPKzlBXZt8A1HJR+v0kwixF9mKgiRk9SLRXwVr4lsee9B/q90H/NakKw5/jVv30nFuT HOddl0FRZBwTi/DFBGVjYRsbkE96owAwKGDqs= |
|
Domainkey-signature: |
a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=HXc/gRosHrCsgn2EMFPJPFJxab0DvgqC3RuDO9+qkVqJ6cPJkHAs0esggFcHmMBT8J 86h8eSECjGJ2/2jeJ7rkq2Eb4ZOBXQMlZl0BDhbsJj+9u4X9POBDMCiBLpK2FgmDVZTZ YQzhNMsICyckodGK3cresKkeWBya2yUMfFnm8= |
|
Envelope-to: |
www-data@xxxxxxxxxxxxxxxxxxx |
|
In-reply-to: |
<20090326163127.GL11733@xxxxxxxxxxxxxxxxxxxxx> |
|
List-help: |
<mailto:xen-devel-request@lists.xensource.com?subject=help> |
|
List-id: |
Xen developer discussion <xen-devel.lists.xensource.com> |
|
List-post: |
<mailto:xen-devel@lists.xensource.com> |
|
List-subscribe: |
<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
|
List-unsubscribe: |
<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
|
References: |
<C5F14523.501B%keir.fraser@xxxxxxxxxxxxx> <49CB9BFA.50408@xxxxxxxxxxxxx> <200903261724.06593.Christoph.Egger@xxxxxxx> <20090326163127.GL11733@xxxxxxxxxxxxxxxxxxxxx> |
|
Sender: |
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
So it turns out this is actually a bug in gPXE, combined with a
limit-check bug in HVM emulation. The segment limit was only set to
16 bits, but was clearly trying to use a 32-bit address, so the AMD
hardware was doing exactly what it should have done.
The reason it worked on an Intel box was that the hvm address checking
logic doesn't do *any* limit checking when in real mode. If you add a
real-mode segment limit check in hvm.c:hvm_virtual_to_linear_addr(),
then it the VM has the exact same issue.
So one thing is clear, we need to re-compile the gPXE "binary" that
comes in xen so that it doesn't violate segment limits.
We might think about checking some limits in real mode as well, just
for good measure.
-George
On Thu, Mar 26, 2009 at 5:31 PM, Tim Deegan <Tim.Deegan@xxxxxxxxxx> wrote:
> At 16:24 +0000 on 26 Mar (1238084646), Christoph Egger wrote:
>> I think it's #2. Look at the #GP causes in APM
>> Volume 2 for MOVSx: the only one in real mode is if the address
>> exceeded a data segment limit. And the comment from Deegan about
>> clipping segment limits to 16 bits makes me think that the clipping is
>> happening on AMD machines and it shouldn't be.
>
> That particular clipping happens in vmx.c so I certainly hope it doesn't
> get called on AMD machines. :) But yes, it's likely that some
> big-real-mode segment state has got lost somewhere.
>
> Tim.
>
> --
> Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> Principal Software Engineer, Citrix Systems (R&D) Ltd.
> [Company #02300071, SL9 0DZ, UK.]
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
Home