From mboxrd@z Thu Jan 1 00:00:00 1970
From: Radim Krčmář
Subject: Re: [Qemu-devel] E5-2620v2 - emulation stop error
Date: Mon, 30 Mar 2015 21:28:08 +0200
Message-ID: <20150330192808.GF13271@potion.brq.redhat.com>
References: <20150326000502.GA1217@morn.localdomain>
 <20150326155807.GA13271@potion.brq.redhat.com>
 <20150326163657.GA16305@morn.localdomain>
 <20150326170654.GB16305@morn.localdomain>
 <20150326174056.GC13271@potion.brq.redhat.com>
 <20150326204053.GC27093@potion.brq.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Kevin O'Connor" , "Dr. David Alan Gilbert" , Bandan Das , Paolo Bonzini , Gerd Hoffmann , "qemu-devel@nongnu.org" , "kvm@vger.kernel.org"
To: Andrey Korolyov
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:44252 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753122AbbC3T2R (ORCPT ); Mon, 30 Mar 2015 15:28:17 -0400
Content-Disposition: inline
In-Reply-To:
Sender: kvm-owner@vger.kernel.org
List-ID:

2015-03-27 14:54+0300, Andrey Korolyov:
> Trace with new bits:

Thanks.

> KVM internal error. Suberror: 2
> extra data[0]: 800000ef
> extra data[1]: 80000b0d
> extra data[2]: 77b

The #GP code looks formatted as documented under INT in SDM,
  (vector << 3) | 2 | ext
where 'ext' stands for 'external' (as opposed to software).
  0x77b == (0xef << 3) | 2 | 1
It was 0xef and wasn't triggered by an INT instruction.

The weird part is that it looks like a protected mode error, but CR0 says
we are in real mode.
(If the CPU interpreted the vector in protected mode, then it would violate
the IDT limit and throw a #GP ...
It's too late for coffee today, so I'll try to lure some ideas later.)
> EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000
> ESI=00000000 EDI=00000000 EBP=00000000 ESP=00006d24
> EIP=0000d331 EFL=00010202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 00000000 0000ffff 00009300
> CS =f000 000f0000 0000ffff 00009b00
> SS =0000 00000000 0000ffff 00009300
> DS =0000 00000000 0000ffff 00009300
> FS =0000 00000000 0000ffff 00009300
> GS =0000 00000000 0000ffff 00009300
> LDT=0000 00000000 0000ffff 00008200
> TR =0000 00000000 0000ffff 00008b00
> GDT= 000f6cb0 00000037
> IDT= 00000000 000003ff
> CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
> DR3=0000000000000000
> DR6=00000000ffff0ff0 DR7=0000000000000400
> EFER=0000000000000000
> Code=66 c3 cd 02 cb cd 10 cb cd 13 cb cd 15 cb cd 16 cb cd 18 cb
> 19 cb cd 1c cb cd 4a cb fa fc 66 ba 47 d3 0f 00 e9 ad fe f3 90 f0 0f
> ba 2d d4 fe fb 3f
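A small worked decode of the numbers in the message above, added here as an illustration and not code from the thread, KVM or QEMU: it pulls the error code 0x77b apart the way the message does, re-encodes it, and checks vector 0xef against the guest's IDT limit 0x3ff under both the real-mode (4-byte IVT entry) and the protected-mode (8-byte gate) interpretation, which is the point behind the remark about the IDT limit. The constants come from the register dump in the thread. Treating extra data[0] and data[1] as VMX interruption-information fields is this example's own assumption; the message only decodes data[2].

```c
/*
 * Added example, not code from the thread or from KVM/QEMU: decode the
 * error code quoted in the message and check the vector against the
 * guest's IDT limit under the real-mode and protected-mode interpretation.
 * Constants are taken from the register dump in the thread; decoding
 * extra data[0] and data[1] as VMX interruption-information fields is an
 * ASSUMPTION of this example (the thread only decodes data[2]).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Selector-format error code (SDM vol. 3, #GP description):
 * bit 0 EXT, bit 1 IDT, bit 2 TI (meaningful only when IDT=0), bits 15:3 index. */
struct err_code {
    bool ext;       /* event was external to the executing program */
    bool idt;       /* index refers to a gate in the IDT */
    bool ti;        /* 0 = GDT, 1 = LDT (only when idt == false) */
    uint16_t index; /* gate/descriptor index (the vector when idt == true) */
};

struct err_code decode_err_code(uint32_t code)
{
    struct err_code e;
    e.ext = (code & 1) != 0;
    e.idt = (code & 2) != 0;
    e.ti = (code & 4) != 0;
    e.index = (uint16_t)((code >> 3) & 0x1fff);
    return e;
}

/* The encoding written out in the message: (vector << 3) | 2 | ext. */
uint32_t encode_idt_err_code(uint8_t vector, bool ext)
{
    return ((uint32_t)vector << 3) | 2 | (ext ? 1 : 0);
}

/* Whether the IDT entry for 'vector' lies within the IDT limit.  Real mode
 * uses 4-byte IVT entries, protected mode 8-byte gates; the CPU raises #GP
 * when the last byte of the entry is beyond the limit. */
bool vector_fits_idt(uint8_t vector, uint32_t idt_limit, bool protected_mode)
{
    uint32_t entry_size = protected_mode ? 8 : 4;
    uint32_t last_byte = (uint32_t)vector * entry_size + entry_size - 1;
    return last_byte <= idt_limit;
}

/* ASSUMPTION: extra data[0]/[1] are VMX interruption-information fields
 * (bits 7:0 vector, bits 10:8 type, bit 11 error code valid, bit 31 valid).
 * Type 0 = external interrupt, 3 = hardware exception, 4 = software interrupt. */
struct intr_info {
    bool valid;
    uint8_t vector;
    uint8_t type;
    bool has_error_code;
};

struct intr_info decode_intr_info(uint32_t info)
{
    struct intr_info i;
    i.valid = ((info >> 31) & 1) != 0;
    i.vector = (uint8_t)(info & 0xff);
    i.type = (uint8_t)((info >> 8) & 7);
    i.has_error_code = ((info >> 11) & 1) != 0;
    return i;
}

int main(void)
{
    /* Values from the trace quoted in the thread. */
    const uint32_t cr0 = 0x00000010, idt_limit = 0x3ff, err = 0x77b;
    struct err_code e = decode_err_code(err);
    struct intr_info ev = decode_intr_info(0x800000ef);
    struct intr_info ex = decode_intr_info(0x80000b0d);
    bool pe = (cr0 & 1) != 0;

    printf("err 0x%x: index 0x%x IDT=%d TI=%d EXT=%d (re-encoded 0x%x)\n",
           err, e.index, e.idt, e.ti, e.ext,
           encode_idt_err_code((uint8_t)e.index, e.ext));
    printf("CR0.PE=%d: %s mode, IDT limit 0x%x\n", pe,
           pe ? "protected" : "real", idt_limit);
    printf("vector 0x%x fits: real-mode IVT %s, protected-mode IDT %s\n",
           e.index,
           vector_fits_idt((uint8_t)e.index, idt_limit, false) ? "yes" : "no",
           vector_fits_idt((uint8_t)e.index, idt_limit, true) ? "yes" : "no");
    printf("data[0]: vector 0x%x type %d  data[1]: vector 0x%x type %d errcode=%d\n",
           ev.vector, ev.type, ex.vector, ex.type, ex.has_error_code);
    return 0;
}
```

Built with plain cc -std=c99, the decode gives index 0xef with IDT and EXT set, and the limit check shows the asymmetry the message points at: vector 0xef ends at byte 0x3bf of a real-mode IVT with limit 0x3ff, so it fits, but with 8-byte gates it would end at byte 0x77f, past the limit, so a protected-mode lookup would itself fault with #GP.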