Matteo Frigo wrote:
Avi Kivity <avi@xxxxxxxxxx> writes:
- add a watchpoint to break when the value of gs:[0x30] changes
It seems that the problem can be reproduced by compiling the following
simple program using cygwin's gcc. The program crashes on w2k3-amd64
on kvm-83 on core2-duo, and it does not crash on the same w2k3-amd64
installation on kvm-83 on AMD Phenom.
#include <setjmp.h>

jmp_buf env;

int main(void)
{
	/* second return from setjmp(), reached via the longjmp() below */
	if (setjmp(env))
		return 0;
	/* never returns: restores the context saved by setjmp() above */
	longjmp(env, 1);
}
The problem seems to be in the instruction "mov gs,ax" (Intel
syntax) in the longjmp() code. If I let the virtual machine execute
the instruction, the program crashes. However, if I step over the
instruction using the vs2008 debugger, the program completes without
crashing. Thus, I think that this is the instruction that Avi is
looking for, but I don't know how to proceed from here.
I've decoded the global descriptor table for this, and I get:
(qemu) xp/14x 0x266b000
000000000266b000: 0x00000000 0x00000000 0x00000000 0x00000000
000000000266b010: 0x00000000 0x00209b00 0x0000ffff 0x00cf9300
000000000266b020: 0x0000ffff 0x00cffb00 0x0000ffff 0x00cff300
000000000266b030: 0x00000000 0x0020fb00
The entry for gs is at offset 0x28, and has base set to 0, which is
consistent with the crash.
Can you rerun on AMD, but set npt=0 as a kvm-amd module parameter?
This will determine if this is an mmu bug or kvm-intel bug.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
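An added example, not code from the thread: it decodes the GDT dump above the way the message does by hand, splitting the fourteen dwords printed by "xp/14x 0x266b000" into 8-byte descriptors and pulling out base, limit, type, DPL and the L/D/G bits, so the entry at offset 0x28 can be checked for base 0 and the other entries read at a glance. The dump values are copied from the message; the struct and function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
/* The 14 dwords "xp/14x 0x266b000" printed in the report (copied from the
 * message); each (lo, hi) pair is one 8-byte GDT descriptor. */
static const uint32_t gdt_dump[14] = {
    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00209b00,
    0x0000ffff, 0x00cf9300, 0x0000ffff, 0x00cffb00, 0x0000ffff, 0x00cff300,
    0x00000000, 0x0020fb00,
};

struct seg_desc {
    uint32_t base, limit;            /* limit is the raw 20-bit field */
    unsigned type, s, dpl, p, l, db, g;
};

/* Split a legacy/compat-format 8-byte descriptor into its fields. 16-byte
 * system descriptors (TSS/LDT in long mode) are not handled; none is in this dump. */
static struct seg_desc decode_descriptor(uint32_t lo, uint32_t hi)
{
    struct seg_desc d;
    d.limit = (lo & 0xffff) | (((hi >> 16) & 0xf) << 16);
    d.base  = (lo >> 16) | ((hi & 0xff) << 16) | (hi & 0xff000000u);
    d.type  = (hi >> 8) & 0xf;   /* bit 3 set = code, clear = data (when s=1) */
    d.s     = (hi >> 12) & 1;    /* 1 = code/data, 0 = system descriptor */
    d.dpl   = (hi >> 13) & 3;
    d.p     = (hi >> 15) & 1;
    d.l     = (hi >> 21) & 1;    /* 64-bit code segment */
    d.db    = (hi >> 22) & 1;
    d.g     = (hi >> 23) & 1;    /* limit counts 4 KiB pages */
    return d;
}

/* Descriptor at a byte offset into the table (what "offset 0x28" means above). */
static struct seg_desc gdt_entry(unsigned offset)
{
    unsigned idx = offset / 4;                     /* dword index of the low half */
    if (offset % 8 || idx + 1 >= sizeof gdt_dump / sizeof gdt_dump[0])
        return decode_descriptor(0, 0);            /* out of range: null descriptor */
    return decode_descriptor(gdt_dump[idx], gdt_dump[idx + 1]);
}
int main(void)
{
    for (unsigned off = 0; off < sizeof gdt_dump; off += 8) {
        struct seg_desc d = gdt_entry(off);
        printf("%#04x: %s base=%#010x limit=%#07x dpl=%u p=%u l=%u db=%u g=%u\n", off,
               d.s ? (d.type & 8 ? "code" : "data") : "sys", (unsigned)d.base,
               (unsigned)d.limit, d.dpl, d.p, d.l, d.db, d.g);
    }
    return 0;
}
```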