* [Qemu-devel] [Bug 1211910] [NEW] Logical to linear address translation is wrong for 32-bit guests on a 64-bit hypervisor
@ 2013-08-13 17:52 Nils Asmussen
From: Nils Asmussen @ 2013-08-13 17:52 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

I run a 64-bit hypervisor in qemu-system-x86_64 (without KVM) and on top of that I have a 32-bit guest. The guest configures the code-segment to have a base of 0x4000_0000 and a limit of 0xFFFF_FFFF with paging disabled. Thus, if a logical address of e.g. 0xC000_0000 is used, it should be translated to 0x0000_0000 (linear and physical), because of the overflow that happens.
But this does not happen with the described setup. Instead, qemu seems to calculate the logical to linear translation with 64-bit addresses so that no overflow happens. Consequently, the resulting address is 0x1_0000_0000 and this gets written to exitinfo2 in the VMCB structure. This causes trouble for hypervisors that expect the upper 32 bits of exitinfo2 to be 0 for 32-bit guests.

Note also that the exact same setup runs fine on real AMD machines with
SVM. That is, the upper 32 bits in exitinfo2 are always 0 because of the
overflow.

I've tested that with the latest development version of QEMU (commit
328465fd9f3a628ab320b5959d68d3d49df58fa6).

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1211910


To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1211910/+subscriptions
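A constructed C illustration of the translation the report describes (added here, not QEMU's code): the 64-bit sum beside the 32-bit wraparound of legacy mode, plus the upper-bits check a hypervisor can apply to exitinfo2. The struct and function names are assumptions, and the segment values are the ones from the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal segment register state (constructed; not QEMU's SegmentCache). */
struct segment {
    uint64_t base;   /* segment base address */
    uint32_t limit;  /* highest valid offset, e.g. 0xFFFFFFFF for a flat segment */
};

/* Translation as the report describes QEMU doing it: base + offset in
 * 64-bit arithmetic, so 0x40000000 + 0xC0000000 yields 0x1_0000_0000. */
static uint64_t linear_64bit_arith(const struct segment *s, uint32_t offset)
{
    return s->base + (uint64_t)offset;
}

/* Legacy (non-long) mode: the linear address is 32 bits wide, so the sum
 * wraps modulo 2^32, as the report says real SVM hardware does. */
static uint64_t linear_legacy32(const struct segment *s, uint32_t offset)
{
    return (uint32_t)(s->base + offset);
}

/* Mode-aware helper: limit check, then a width-correct linear address.
 * Returns 0 on success, -1 when the offset exceeds the segment limit. */
static int logical_to_linear(const struct segment *s, uint32_t offset,
                             int long_mode, uint64_t *linear)
{
    if (!long_mode && offset > s->limit)
        return -1;
    *linear = long_mode ? linear_64bit_arith(s, offset) : linear_legacy32(s, offset);
    return 0;
}

/* Sanity check a hypervisor can apply to exitinfo2 for a 32-bit guest:
 * bits 63:32 must be zero. Returns 1 if consistent, 0 otherwise. */
static int exitinfo2_consistent(uint64_t exitinfo2, int guest_is_32bit)
{
    return !guest_is_32bit || (exitinfo2 >> 32) == 0;
}

int main(void)
{
    struct segment cs = { .base = 0x40000000ULL, .limit = 0xFFFFFFFFu }; /* from the report */
    uint32_t offset = 0xC0000000u;
    uint64_t lin = 0;
    printf("64-bit arithmetic: 0x%llx\n", (unsigned long long)linear_64bit_arith(&cs, offset));
    logical_to_linear(&cs, offset, 0, &lin);
    printf("legacy 32-bit:     0x%llx\n", (unsigned long long)lin);
    printf("exitinfo2 0x100000000 ok for 32-bit guest? %d\n", exitinfo2_consistent(0x100000000ULL, 1));
    return 0;
}
```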


* [Qemu-devel] [Bug 1211910] Re: Logical to linear address translation is wrong for 32-bit guests on a 64-bit hypervisor
From: Thomas Huth @ 2017-12-19 16:51 UTC (permalink / raw)
  To: qemu-devel

Triaging old bug tickets... can you still reproduce this issue with the
latest version of QEMU? Or could we close this ticket nowadays?

** Changed in: qemu
       Status: New => Incomplete


* [Qemu-devel] [Bug 1211910] Re: Logical to linear address translation is wrong for 32-bit guests on a 64-bit hypervisor
From: Launchpad Bug Tracker @ 2018-02-18  4:17 UTC (permalink / raw)
  To: qemu-devel

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
       Status: Incomplete => Expired

