Re: [Qemu-devel] qemu-kvm problem with DOS/4GW extender and EMM386.EXE

Avi Kivity <avi@xxxxxxxxxx> · Wed, 12 May 2010 00:21:08 +0300

On 05/11/2010 11:56 PM, Andy Walls wrote:
Running an MS-DOS 6.22 image with qemu-kvm on a RedHat Linux OS, I
noticed the guest OS becomes hung and my dmesg gets spammed with

	set_cr0: #GP, set PG flag with a clear PE flag

That message appears to be the linux kernel's kvm emulator griping about
Paging Enable bit being enabled while the Protection Enable bit is set
for real mode.  (The Intel manual says this should be a protection
fault).

The program that causes this has the DOS/4GW DOS extender runtime
compiled into it.

I found that when I don't load the EMM386.EXE memory manager, the
problem doesn't occur.

Here's a kvmtrace segment of when things are not working:

Please post kvm issues to kvm@vger.

0 (+           0)  CR_READ       vcpu = 0x00000000  pid = 0x00001997 [ CR# = 0, value = 0x00000000 80000011 ]
28471049900815 (+        4000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049903815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x00000010, rip = 0x00000000 00002a73 ]
0 (+           0)  LMSW          vcpu = 0x00000000  pid = 0x00001997 [ value = 0x80000010 ]
28471049933815 (+       30000)  VMENTRY       vcpu = 0x00000000  pid = 0x00001997
28471049936815 (+        3000)  VMEXIT        vcpu = 0x00000000  pid = 0x00001997 [ exitcode = 0x0000007b, rip = 0x00000000 00001fd6 ]

To me it appears EMM386.EXE enables paging, and the DOS/4GW DOS extender
tries to manipulate the PE bit in CR0 with LMSW but doesn't succeed.

These programs appear to work fine in VMWare and on real hardware.

Any ideas on how to make EMM386.EXE and the DOS/$GW extender work in
qemu-kvm?

Looks like a bug in the implementation of LMSW.  The manual says:

If the PE flag of the source operand (bit 0) is set to 1, the 
instruction causes the
processor to switch to protected mode. While in protected mode, the 
LMSW instruc-
tion cannot be used to clear the PE flag and force a switch back to 
real-address mode.

But kvm doesn't implement that.  Instead, it follows the operation section:

Operation
CR0[0:3] ← SRC[0:3];

--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html