On 2016-04-06 10:55, Andrew Cooper wrote:
> On 06/04/16 00:57, Mihai Donțu wrote:
>> On Wed, 06 Apr 2016 01:38:32 +0200 wogiz@openmailbox.org wrote:
>>> I'm running Xen 4.6.1 with Alpine Linux 3.3.3 in dom0. In an HVM domU
>>> with vga="qxl", Xorg will segfault instantly when started. Multiple
>>> Linux distros have been tested and Xorg segfaults in all of them.
>>>
>>> Attached are a full backtrace from domU generated by Xorg, and an
>>> assembler dump of the function 'sse2_blt'.
>>>
>>> According to the Xen IRC channel, the cause could be a bug in the x86
>>> instruction emulator related to SSE.
>> I don't believe the x86 emulator is complete wrt the SSE instruction
>> set. But I do wonder why, in your case, these instructions need
>> emulation at all. Unless touching the video RAM requires emulation. Can
>> you try using a different video driver? I see xorg picked up qxl, maybe
>> try vesa?
>>
>
> Now I think about it, even dirty VRAM tracking shouldn't actually
> emulate the instructions.
>
> Can you grab the full register state at the point of Xorg's crash? `info
> regs` in gdb?
>
> The instruction in use, `movaps`, is specified to fault if the memory
> operand isn't aligned on a 16-byte boundary. Therefore, if %rax in this
> case isn't a multiple of 16, this is a code generation bug, rather than
> an emulation bug.
>
> ~Andrew

Attached is the full register state. I'm very interested in getting to
the bottom of this, so please let me know if I can do anything to help.
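The alignment rule Andrew refers to, as an added example that is not part of the thread and not Xen or Xorg code: `movaps` with a memory operand that is not a multiple of 16 raises #GP, which Linux delivers to the process as SIGSEGV, exactly the symptom reported. The program below applies the same check one would apply to the %rax value from `info registers`, and then executes a real `movaps` from an aligned and a deliberately misaligned address, catching the fault with a signal handler. The buffer, function names and the 0x7ffff7fd... sample addresses are constructed for illustration; on a non-x86 host the fault probe falls back to the arithmetic rule only.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The check to apply to the register that holds the memory operand (%rax in
 * the quoted dump): movaps requires the address to be a multiple of 16. */
int sse_aligned(uintptr_t addr) {
    return (addr & 0xf) == 0;
}

/* Constructed 16-byte aligned scratch buffer; sse_buf + 1 is misaligned. */
uint8_t sse_buf[64] __attribute__((aligned(16)));

static sigjmp_buf fault_jmp;

/* #GP from a misaligned movaps arrives as SIGSEGV on Linux (SIGBUS on some
 * other systems); unwind back to the probe either way. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Execute one movaps load from `src`. Returns 0 if the load succeeded and 1
 * if the CPU faulted on it. Assumption: the fault is delivered as a catchable
 * signal and siglongjmp out of the handler is permitted (true on Linux). */
int movaps_faults(const void *src) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old_segv, old_bus;
    int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(fault_jmp, 1) == 0) {
        /* Aligned packed-single load: faults if src & 0xf != 0. */
        __asm__ volatile("movaps (%0), %%xmm0" : : "r"(src) : "xmm0", "memory");
    } else {
        faulted = 1;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
#else
    /* Not x86: report what the architectural rule would do. */
    return !sse_aligned((uintptr_t)src);
#endif
}

int main(void) {
    const void *good = sse_buf;
    const void *bad = sse_buf + 1;

    printf("%p aligned=%d faults=%d\n", good,
           sse_aligned((uintptr_t)good), movaps_faults(good));
    printf("%p aligned=%d faults=%d\n", bad,
           sse_aligned((uintptr_t)bad), movaps_faults(bad));
    return 0;
}
```

If the probe faults on the misaligned address inside the guest while native hardware runs the same binary cleanly, that points back at the hypervisor; if %rax in the crash dump already fails `sse_aligned`, the compiler emitted `movaps` for an operand it could not prove aligned, which is the code generation bug Andrew describes.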