09.10.2020 18:30, Sean Christopherson пишет:
The only other effect of setting VMXE was clearing VME. Which shouldn't
affect anything either, right?
Hmm, clearing VME would mean that exceptions/interrupts within the guest would
trigger a switch out of v86 and into vanilla protected mode. v86 and PM have
different consistency checks, particularly for segmentation, so it's plausible
that clearing CR4.VME inadvertantly worked around the bug by avoiding invalid
guest state for v86.
Almost.
So with your patch set (thanks!) and a
bit of further investigations, it now became
clear where the problem is.
We have this code:
---
|cpuid->nent = 2; // Use the same values as in emu-i386/simx86/interp.c
// (Pentium 133-200MHz, "GenuineIntel") cpuid->entries[0] = (struct
kvm_cpuid_entry) { .function = 0, .eax = 1, .ebx = 0x756e6547, .ecx =
0x6c65746e, .edx = 0x49656e69 }; // family 5, model 2, stepping 12, fpu
vme de pse tsc msr mce cx8 cpuid->entries[1] = (struct kvm_cpuid_entry)
{ .function = 1, .eax = 0x052c, .ebx = 0, .ecx = 0, .edx = 0x1bf }; ret
= ioctl(vcpufd, KVM_SET_CPUID, cpuid); free(cpuid); if (ret == -1) {
perror("KVM: KVM_SET_CPUID"); return 0; } --- It tries to enable VME
among other things. qemu appears to disable VME by default, unless you
do "-cpu host". So we have a situation where the host (which is qemu)
doesn't have VME, and guest (dosemu) is trying to enable it. Now obviously ||KVM_SET_CPUID| doesn't check anyting
at all and returns success. That later turns
into an invalid guest state.
Question: should|KVM_SET_CPUID| check for
supported bits, end return error if not everything
is supported?
||
