[Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

[Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

[Andy Walls]

Running an MS-DOS 6.22 image with qemu-kvm on a RedHat Linux OS, I
noticed the guest OS becomes hung and my dmesg gets spammed with

	set_cr0: #GP, set PG flag with a clear PE flag

That message appears to be the linux kernel's kvm emulator griping about
Paging Enable bit being enabled while the Protection Enable bit is set
for real mode.  (The Intel manual says this should be a protection
fault).

The program that causes this has the DOS/4GW DOS extender runtime
compiled into it.

I found that when I don't load the EMM386.EXE memory manager, the
problem doesn't occur.

Here's a kvmtrace segment of when things are not working:

0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0070, size = 1 ]
28471049668815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049671815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00002a18 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001ba28 ]
28471049675815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049678815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00000334 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00019344 ]
28471049681815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049685815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 000002a7 ]
0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049688815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049691815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 000002ae ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000011 ]
28471049696815 (+        5000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049699815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00005593 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 000262e3 ]
28471049703815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049706815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000044d6 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00025226 ]
28471049709815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049713815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000055c0 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000002, virt = 0x00000000 00024f79 ]
28471049717815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049721815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049723815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049726815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
28471049781815 (+       55000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049784815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001fb8 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00022d08 ]
28471049788815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049792815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049794815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049797815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049800815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049803815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001f70 ]
0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001a072 ]
28471049807815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049811815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049815815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049818815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
28471049840815 (+       22000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049844815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049846815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049849815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049851815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049855815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049858815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049861815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
28471049882815 (+       21000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049885815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049887815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049890815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
28471049892815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049896815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049900815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049903815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
28471049933815 (+       30000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049936815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]




To me it appears EMM386.EXE enables paging, and the DOS/4GW DOS extender
tries to manipulate the PE bit in CR0 with LMSW but doesn't succeed.

These programs appear to work fine in VMWare and on real hardware.


Any ideas on how to make EMM386.EXE and the DOS/$GW extender work in
qemu-kvm?

Regards,
Andy

Re: [Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

[Mohammed Gamal]

On Tue, May 11, 2010 at 11:56 PM, Andy Walls <awalls@md.metrocast.net> wrote:
> Running an MS-DOS 6.22 image with qemu-kvm on a RedHat Linux OS, I
> noticed the guest OS becomes hung and my dmesg gets spammed with
>
>        set_cr0: #GP, set PG flag with a clear PE flag
>
> That message appears to be the linux kernel's kvm emulator griping about
> Paging Enable bit being enabled while the Protection Enable bit is set
> for real mode.  (The Intel manual says this should be a protection
> fault).
>
> The program that causes this has the DOS/4GW DOS extender runtime
> compiled into it.
>
> I found that when I don't load the EMM386.EXE memory manager, the
> problem doesn't occur.
>
> Here's a kvmtrace segment of when things are not working:
>
> 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0070, size = 1 ]
> 28471049668815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049671815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00002a18 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001ba28 ]
> 28471049675815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049678815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00000334 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00019344 ]
> 28471049681815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049685815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 000002a7 ]
> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049688815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049691815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 000002ae ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000011 ]
> 28471049696815 (+        5000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049699815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00005593 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 000262e3 ]
> 28471049703815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049706815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000044d6 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00025226 ]
> 28471049709815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049713815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000055c0 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000002, virt = 0x00000000 00024f79 ]
> 28471049717815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049721815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049723815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049726815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> 28471049781815 (+       55000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049784815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001fb8 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00022d08 ]
> 28471049788815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049792815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049794815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049797815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049800815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049803815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001f70 ]
> 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001a072 ]
> 28471049807815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049811815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049815815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049818815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> 28471049840815 (+       22000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049844815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049846815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049849815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049851815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049855815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049858815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049861815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> 28471049882815 (+       21000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049885815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049887815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049890815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> 28471049892815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049896815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049900815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049903815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> 28471049933815 (+       30000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049936815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
>
>
>
>
> To me it appears EMM386.EXE enables paging, and the DOS/4GW DOS extender
> tries to manipulate the PE bit in CR0 with LMSW but doesn't succeed.
>
> These programs appear to work fine in VMWare and on real hardware.
>
>
> Any ideas on how to make EMM386.EXE and the DOS/$GW extender work in
> qemu-kvm?
>
> Regards,
> Andy
>
>
>

Are you using this on an Intel-VT machine?

Re: [Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

[Avi Kivity]

On 05/11/2010 11:56 PM, Andy Walls wrote:
> Running an MS-DOS 6.22 image with qemu-kvm on a RedHat Linux OS, I
> noticed the guest OS becomes hung and my dmesg gets spammed with
>
> 	set_cr0: #GP, set PG flag with a clear PE flag
>
> That message appears to be the linux kernel's kvm emulator griping about
> Paging Enable bit being enabled while the Protection Enable bit is set
> for real mode.  (The Intel manual says this should be a protection
> fault).
>
> The program that causes this has the DOS/4GW DOS extender runtime
> compiled into it.
>
> I found that when I don't load the EMM386.EXE memory manager, the
> problem doesn't occur.
>
> Here's a kvmtrace segment of when things are not working:
>
>    

Please post kvm issues to kvm@vger.

> 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> 28471049900815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049903815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> 28471049933815 (+       30000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> 28471049936815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
>
>
>
>
> To me it appears EMM386.EXE enables paging, and the DOS/4GW DOS extender
> tries to manipulate the PE bit in CR0 with LMSW but doesn't succeed.
>
> These programs appear to work fine in VMWare and on real hardware.
>
>
> Any ideas on how to make EMM386.EXE and the DOS/$GW extender work in
> qemu-kvm?
>    

Looks like a bug in the implementation of LMSW.  The manual says:

> If the PE flag of the source operand (bit 0) is set to 1, the 
> instruction causes the
> processor to switch to protected mode. While in protected mode, the 
> LMSW instruc-
> tion cannot be used to clear the PE flag and force a switch back to 
> real-address mode.

But kvm doesn't implement that.  Instead, it follows the operation section:

> Operation
> CR0[0:3] ← SRC[0:3];

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

Re: [Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

[Andy Walls]

On Wed, 2010-05-12 at 00:09 +0300, Mohammed Gamal wrote:
> On Tue, May 11, 2010 at 11:56 PM, Andy Walls <awalls@md.metrocast.net> wrote:
> > Running an MS-DOS 6.22 image with qemu-kvm on a RedHat Linux OS, I
> > noticed the guest OS becomes hung and my dmesg gets spammed with
> >
> >        set_cr0: #GP, set PG flag with a clear PE flag
> >
> > That message appears to be the linux kernel's kvm emulator griping about
> > Paging Enable bit being enabled while the Protection Enable bit is set
> > for real mode.  (The Intel manual says this should be a protection
> > fault).
> >
> > The program that causes this has the DOS/4GW DOS extender runtime
> > compiled into it.
> >
> > I found that when I don't load the EMM386.EXE memory manager, the
> > problem doesn't occur.
> >
> > Here's a kvmtrace segment of when things are not working:
> >
> > 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0070, size = 1 ]
> > 28471049668815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049671815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00002a18 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001ba28 ]
> > 28471049675815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049678815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00000334 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00019344 ]
> > 28471049681815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049685815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 000002a7 ]
> > 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> > 28471049688815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049691815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 000002ae ]
> > 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000011 ]
> > 28471049696815 (+        5000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049699815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00005593 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 000262e3 ]
> > 28471049703815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049706815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000044d6 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00025226 ]
> > 28471049709815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049713815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 000055c0 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000002, virt = 0x00000000 00024f79 ]
> > 28471049717815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049721815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> > 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> > 28471049723815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049726815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> > 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> > 28471049781815 (+       55000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049784815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001fb8 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 00022d08 ]
> > 28471049788815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049792815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> > 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049794815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049797815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> > 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049800815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049803815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000004e, rip = 0x00000000 00001f70 ]
> > 0 (+           0)  PAGE_FAULT    vcpu = 0x00000000  pid = 0x00001997 [ errorcode = 0x00000000, virt = 0x00000000 0001a072 ]
> > 28471049807815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049811815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> > 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> > 28471049815815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049818815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> > 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> > 28471049840815 (+       22000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049844815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> > 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049846815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049849815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> > 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049851815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049855815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> > 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> > 28471049858815 (+        3000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049861815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> > 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> > 28471049882815 (+       21000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049885815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> > 0 (+           0)  IO_WRITE      vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049887815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049890815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd9 ]
> > 0 (+           0)  IO_READ       vcpu = 0x00000000  pid = 0x00001997 [ port = 0x0020, size = 1 ]
> > 28471049892815 (+        2000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049896815 (+        4000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000000, rip = 0x00000000 00002a69 ]
> > 0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
> > 28471049900815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049903815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
> > 0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
> > 28471049933815 (+       30000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
> > 28471049936815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]
> >
> >
> >
> >
> > To me it appears EMM386.EXE enables paging, and the DOS/4GW DOS extender
> > tries to manipulate the PE bit in CR0 with LMSW but doesn't succeed.
> >
> > These programs appear to work fine in VMWare and on real hardware.
> >
> >
> > Any ideas on how to make EMM386.EXE and the DOS/$GW extender work in
> > qemu-kvm?
> >
> > Regards,
> > Andy
> >
> >
> >
> 
> Are you using this on an Intel-VT machine?

No, an AMD 64 bit machine.

Regards,
Andy