On 20/08/2013 03:26, Duy Nguyen TN wrote:
> On Mon, 19 Aug 2013 at 11:27 +0200, Paolo Bonzini wrote:
>>> The disassembled code is
>>>
>>>    0x1dd10:  push   %rbx
>>>    0x1dd11:  mov    $0x6e,%eax
>>>    0x1dd16:  mov    %rdi,%rbx
>>>    0x1dd19:  sub    $0x20,%rsp
>>>    0x1dd1d:  test   %rdi,%rdi
>>>    0x1dd20:  je     0xb1dd92
>>>    0x1dd22:  mov    0x4bf1e0(%rip),%eax
>>>    0x1dd28:  cmp    $0xffffffff,%eax
>>>    0x1dd2b:  je     0xb1ddd0
>>>    0x1dd31:  test   %eax,%eax
>>>    0x1dd33:  jne    0xb1dd92
>>>    0x1dd35:  mov    0xe1f55c(%rip),%rax
>>>    0x1dd3c:  cmpq   $0x0,0xf0(%rax)
>>>    0x1dd44:  fildll 0xf0(%rax)
>>>    0x1dd4a:  js     0xb1ddf0
>>>    0x1dd50:  mov    0xe1f54a(%rip),%eax
>>>    0x1dd56:  mov    %rax,-0x80(%rsp)
>>>    0x1dd5b:  fildll -0x80(%rsp)
>>>    0x1dd5f:  fmulp  %st,%st(1)
>>>
>>> Not sure if it helps, but rax after 0xb1dd35 contains the pointer to
>>> the mmap'd memory of /dev/hpet.
>>
>> I think this wouldn't work even with the latest kernel. Emulation of
>> x87 instructions is not supported yet.
>
> I'm confused. How could this program work? It produces a similar assembly
> listing.

The information you posted is not really enough to get the complete picture
(it is better to grab it from ftrace in the host, or from the QEMU monitor),
but my understanding is that the instruction at 0xb1dd44 doesn't refer to
RAM; it refers to a memory-mapped I/O region. In this case, the instructions
are not executed by the processor. Instead, they are emulated by the
hypervisor. KVM does not support emulation of x87 instructions.
Paolo

> -- 8< --
> #include <stdio.h>
> #include <stdint.h>
> #include <inttypes.h>
>
> uint64_t s_rtcClockPeriod = 10;
> uint64_t mc = 3000000000;
>
> int main(int ac, char **av)
> {
>         uint64_t value = (uint64_t)((long double)mc *
>                                     (long double)s_rtcClockPeriod /
>                                     1000000000.0L);
>         printf("%" PRIu64 "\n", value);
>         return 0;
> }
> -- 8< --
>
> and the assembly I got is
>
> -- 8< --
>   sub    $0x18,%rsp
>   cmpq   $0x0,0x200adc(%rip)
>   fildll 0x200ad6(%rip)
>   js     0x4005f8 <main+184>
>   cmpq   $0x0,0x200ac0(%rip)
>   fildll 0x200aba(%rip)
>   js     0x400612 <main+210>
>   fmulp  %st,%st(1)
>   fdivs  0x1ac(%rip)
>   flds   0x1aa(%rip)
>   fxch   %st(1)
>   fucomi %st(1),%st
>   jae    0x4005c0 <main+128>
>   fstp   %st(1)
>   fnstcw 0x16(%rsp)
>   ...
> -- 8< --
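Added example, not part of the thread and not either poster's code. The explanation above implies a workaround: keep the x87 load off the mapped page. Read the 64-bit register into a general-purpose register with an ordinary integer mov (the kind of MMIO access the hypervisor's emulator is built for), and only then convert the copy to long double, so the fildll operates on a stack temporary in RAM. The register block here is a constructed array standing in for the page mmap'd from /dev/hpet, the offset 0xf0 is taken from the posted disassembly, and the function names are mine; the assumption is that the inline asm pins the device access to a single movq on x86-64, and that the volatile fallback on other targets compiles to a plain integer load.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Read one 64-bit MMIO register with a single integer load.
 *
 * On x86-64 the inline asm pins the access to a plain movq, so the only
 * instruction that touches the mapped page is an integer load.  The x87
 * conversion later runs on the copy, which lives in a register or a stack
 * slot, i.e. ordinary RAM.  On other targets a volatile load is used
 * (assumption: it compiles to a plain integer load there).
 */
static inline uint64_t mmio_read64(const volatile uint64_t *reg)
{
    uint64_t v;
#if defined(__x86_64__)
    __asm__ volatile ("movq %1, %0" : "=r"(v) : "m"(*reg));
#else
    v = *reg;
#endif
    return v;
}

/* Same arithmetic as the posted test program, but on an already-loaded
 * integer: any fildll the compiler emits here targets a stack temporary. */
static uint64_t scale_counter(uint64_t counter, uint64_t period)
{
    return (uint64_t)((long double)counter * (long double)period
                      / 1000000000.0L);
}

/* Constructed stand-in for the register block mmap'd from /dev/hpet: an
 * ordinary array so the example runs anywhere.  Offset 0xf0 is the offset
 * read by the cmpq/fildll pair in the posted disassembly. */
static uint64_t fake_hpet[0x100 / sizeof(uint64_t)];

static uint64_t read_scaled(const volatile uint64_t *regs, uint64_t period)
{
    /* One integer load from the device, then x87 math on the copy. */
    uint64_t counter = mmio_read64(regs + 0xf0 / sizeof(uint64_t));
    return scale_counter(counter, period);
}

static uint64_t demo_read(void)
{
    /* Constructed counter value, the same one the posted program uses. */
    fake_hpet[0xf0 / sizeof(uint64_t)] = 3000000000ULL;
    return read_scaled(fake_hpet, 10);
}

int main(void)
{
    printf("%llu\n", (unsigned long long)demo_read());
    return 0;
}
```

Build with optimisation and check the result with objdump -d: the only instruction referencing the mapped address should be the movq, and the fildll should reference a stack slot. Note that the posted disassembly performs two accesses to 0xf0(%rax) per read (cmpq followed by fildll); the single-load form above also removes that double access to the device.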