Avi Kivity wrote:
> Jan Kiszka wrote:
>> Hi,
>>
>> running some oldish 286 protected mode demo in kvm, I came across this
>> bug of kvm-52:
>>
>> unhandled vm exit: 0x80000021 vcpu_id 0
>> ds 0000 (00100000/0000ffff p 1 dpl 3 db 0 s 1 type 3 l 0 g 0 avl 0)
>>
>
> ds.base must equal ds.sel<<4 when entering real-mode on Intel. See
> fix_rmode_seg() in vmx.c which clearly doesn't handle cases where
> ds.base >= 0x100000. You might try forcing bits 20+ of ds.base to zero
> in there. This may fix the problem or move it elsewhere.
>
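The invariant Avi points to, worked through as an added example (this is not code from the thread or from KVM): a user-space model of what fix_rmode_seg() does to a data segment before and after "forcing bits 20+ of ds.base to zero", next to a checker for the VMX guest-state rule that a VM86-mode data segment must satisfy (base == selector << 4, limit 0xffff, access rights 0xf3). The exit reason in Jan's report decodes as basic reason 33, "VM-entry failure due to invalid guest state", with bit 31 set to mark a failed entry. The struct layouts, field widths and the protected-mode selector 0x0008 are assumptions made for illustration.

```c
/*
 * Added example, not code from the kvm-devel thread or from KVM: a model of
 * the real-mode segment fixup and of the VMX rule it has to satisfy.
 * Struct layouts, field widths and the selector 0x0008 are assumptions.
 */
#include <stdint.h>
#include <stdio.h>

/* Basic exit reason 33 is "VM-entry failure due to invalid guest state";
 * bit 31 flags a failed entry.  Together they form the 0x80000021 above. */
#define VMX_EXIT_INVALID_GUEST_STATE 33u
#define VMX_EXIT_FAILED_ENTRY        0x80000000u

/* Stand-in for the VMCS guest-segment fields that fix_rmode_seg() touches. */
struct seg_fields {
    uint16_t selector;
    uint64_t base;      /* natural-width field, hence vmcs_readl() in KVM */
    uint32_t limit;
    uint32_t ar_bytes;  /* 0xf3 = present, DPL 3, S=1, type 3 (RW data) */
};

/* Protected-mode contents saved so they can be restored on leaving real mode. */
struct saved_seg {
    uint16_t selector;
    uint64_t base;
    uint32_t limit;
    uint32_t ar;
};

/* patched == 0 models kvm-52 (only the selector is rewritten); patched != 0
 * models the fix (base read into a 32-bit variable, bits 20 and up cleared). */
static void fix_rmode_seg_model(struct seg_fields *f, struct saved_seg *save, int patched)
{
    uint32_t base = (uint32_t)f->base;   /* the patch's 'unsigned base' */

    save->selector = f->selector;
    save->base = f->base;                /* full value kept for the way back */
    save->limit = f->limit;
    save->ar = f->ar_bytes;

    f->selector = (uint16_t)(base >> 4); /* vmcs_write16() keeps 16 bits */
    if (patched)
        f->base = base & 0xfffff;        /* bits 20+ forced to zero */
    f->limit = 0xffff;
    f->ar_bytes = 0xf3;
}

/* VMX guest-state check for a data segment on entry with EFLAGS.VM set:
 * base == selector << 4, limit == 0xffff, AR == 0xf3.  Returns 0 when the
 * entry would succeed, otherwise the exit-reason word KVM would report. */
static uint32_t vmentry_check_rmode_seg(const struct seg_fields *f)
{
    if ((uint64_t)f->selector << 4 != f->base ||
        f->limit != 0xffff || f->ar_bytes != 0xf3)
        return VMX_EXIT_FAILED_ENTRY | VMX_EXIT_INVALID_GUEST_STATE;
    return 0;
}

/* Run one DS (constructed: selector 0x0008, the given base) through the
 * fixup and report the entry check, the VMCS base and the saved base. */
static void run_case(uint64_t pm_base, int patched,
                     uint32_t *reason, uint64_t *vmcs_base, uint64_t *saved_base)
{
    struct seg_fields ds = { 0x0008, pm_base, 0xffff, 0xf3 };
    struct saved_seg save;

    fix_rmode_seg_model(&ds, &save, patched);
    *reason = vmentry_check_rmode_seg(&ds);
    *vmcs_base = ds.base;
    *saved_base = save.base;
}

/* Scalar views of run_case() so each result can be checked on its own. */
static uint32_t exit_reason_after_fixup(uint64_t pm_base, int patched)
{
    uint32_t r; uint64_t b, s;
    run_case(pm_base, patched, &r, &b, &s);
    return r;
}

static uint64_t base_after_fixup(uint64_t pm_base, int patched)
{
    uint32_t r; uint64_t b, s;
    run_case(pm_base, patched, &r, &b, &s);
    return b;
}

static uint64_t saved_base_after_fixup(uint64_t pm_base, int patched)
{
    uint32_t r; uint64_t b, s;
    run_case(pm_base, patched, &r, &b, &s);
    return s;
}

int main(void)
{
    const uint64_t bases[] = { 0x10080, 0x100000, 0xc12340 };  /* constructed */
    size_t i;
    int patched;

    for (i = 0; i < sizeof bases / sizeof bases[0]; i++)
        for (patched = 0; patched < 2; patched++)
            printf("base %08llx %s: entry %s (0x%08x), vmcs base %08llx, saved %08llx\n",
                   (unsigned long long)bases[i], patched ? "patched" : "kvm-52 ",
                   exit_reason_after_fixup(bases[i], patched) ? "FAILS" : "ok   ",
                   (unsigned)exit_reason_after_fixup(bases[i], patched),
                   (unsigned long long)base_after_fixup(bases[i], patched),
                   (unsigned long long)saved_base_after_fixup(bases[i], patched));
    return 0;
}
```

With the base at 0x100000 the kvm-52 path leaves selector 0000 against base 00100000, which is exactly the DS line in Jan's report and fails the check; masking the base makes the pair consistent again. The saved copy still holds the full base, so the protected-mode segment comes back intact when real mode is left, but while in real mode the guest addresses memory through base & 0xfffff rather than the original base.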
Yeah, this actually fixed my test case:

Ensure that segment.base == segment.selector << 4 when entering the real
mode on Intel so that the CPU will not bark at us.

Signed-off-by: Jan Kiszka <[EMAIL PROTECTED]>
---
 kernel/vmx.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: kvm-52/kernel/vmx.c
===================================================================
--- kvm-52.orig/kernel/vmx.c
+++ kvm-52/kernel/vmx.c
@@ -1159,12 +1159,14 @@ static gva_t rmode_tss_base(struct kvm *
 static void fix_rmode_seg(int seg, struct kvm_save_segment *save)
 {
 	struct kvm_vmx_segment_field *sf = &kvm_vmx_segment_fields[seg];
+	unsigned base;
 
 	save->selector = vmcs_read16(sf->selector);
-	save->base = vmcs_readl(sf->base);
+	save->base = base = vmcs_readl(sf->base);
 	save->limit = vmcs_read32(sf->limit);
 	save->ar = vmcs_read32(sf->ar_bytes);
-	vmcs_write16(sf->selector, vmcs_readl(sf->base) >> 4);
+	vmcs_write16(sf->selector, base >> 4);
+	vmcs_write32(sf->base, base & 0xfffff);
 	vmcs_write32(sf->limit, 0xffff);
 	vmcs_write32(sf->ar_bytes, 0xf3);
 }
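Review bot: in the fix_rmode_seg() hunk the selector is derived from the unmasked value (`vmcs_write16(sf->selector, base >> 4);`) while the base written back is the masked one (`vmcs_write32(sf->base, base & 0xfffff);`), so the base == selector << 4 invariant only holds because vmcs_write16() silently drops everything above bit 15 of `base >> 4`. Making that explicit would be clearer and less fragile: mask once (`base &= 0xfffff;`) and then write `base >> 4` and `base`. The same hunk declares `base` as `unsigned` although it is assigned from vmcs_readl(), a natural-width read; this truncates to 32 bits on x86_64 before the mask is applied, and the write-back uses vmcs_write32() where vmcs_writel() would match the read. Harmless for the low 20 bits, but an `unsigned long` and vmcs_writel() pair would avoid relying on it. Finally, the commit message should spell out the trade-off: the saved copy keeps the full base, so the protected-mode segment is restored correctly on the way out, but while in real mode the guest now addresses memory through base & 0xfffff instead of the cached base above 1 MB, so a guest that depends on that cached base will see different behaviour than on bare metal.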