Re: Guest memory backed by PCI BAR (x86)

Nate Case Thu, 26 Mar 2015 09:36:04 -0700

> > 
> > The trace file is available here:
> > 
> >      http://oss.xes-inc.com/xtmp/trace-pcimem-memtest86-reset.dat.gz
> 
> Run QEMU with "-no-reboot -no-shutdown -monitor stdio".  When it
> crashes, run "info registers" and then "x/70i 0", and email the output.


QEMU output:

---[snip]---
$ qemu-system-x86_64 -enable-kvm -name testVM6 -machine \
q35,accel=kvm,usb=off -cpu Haswell -m 256 -realtime mlock=off -smp \
1,sockets=1,cores=1,threads=1 -boot order=d image.memtest -vga std \
-display vnc=${LAN_IP}:0 -mem-path \
/sys/bus/pci/devices/0000\:01:00.0/resource2_wc --mem-prealloc -cdrom \
memtest86+-5.01.iso -s -S -d cpu_reset,unimp,guest_errors,int,pcall \
-no-reboot -no-shutdown -monitor stdio
QEMU 2.2.0 monitor - type 'help' for more information
(qemu) CPU Reset (CPU 0)

[[ trimmed initial reset with all zeroed registers ]]

CPU Reset (CPU 0)
EAX=00000000 EBX=00000000 ECX=00000000 EDX=000306c1
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT=     00000000 0000ffff
IDT=     00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 
DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
CCS=00000000 CCD=00000000 CCO=DYNAMIC
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
---[snip]---

gdb output:

---[snip]---
real-mode-gdb$ info registers
eax            0x18     24
ecx            0x2000   8192
edx            0x92     146
ebx            0x0      0
esp            0x800    0x800
ebp            0x1d0    0x1d0
esi            0x5a00   23040
edi            0x3ff4   16372
eip            0x58     0x58
eflags         0x10046  [ PF ZF RF ]
cs             0x9020   36896
ss             0x9000   36864
ds             0x18     24
es             0x18     24
fs             0x9000   36864
gs             0x9000   36864
real-mode-gdb$ x/70i 0
   0x0: push   bx
   0x1: inc    WORD PTR [bx+si]
   0x3: lock push bx
   0x5: inc    WORD PTR [bx+si]
   0x7: lock ret 
   0x9: loop   0xb
   0xb: lock push bx
   0xd: inc    WORD PTR [bx+si]
   0xf: lock push bx
   0x11:        inc    WORD PTR [bx+si]
   0x13:        lock push bx
   0x15:        inc    WORD PTR [bx+si]
   0x17:        lock push bx
   0x19:        inc    WORD PTR [bx+si]
   0x1b:        lock push bx
   0x1d:        inc    WORD PTR [bx+si]
   0x1f:        lock movs WORD PTR es:[di],WORD PTR ds:[si]
   0x21:        inc    BYTE PTR [bx+si]
   0x23:        lock xchg cx,bp
   0x26:        add    al,dh
   0x28:        jmp    0xf9
   0x2b:        lock jmp 0xfd
   0x2f:        lock jmp 0x101
   0x33:        lock jmp 0x105
   0x37:        lock jmp 0x109
   0x3b:        lock jmp 0x10d
   0x3f:        lock mov dl,BYTE PTR [bx+si+0x0]
   0x43:        ror    BYTE PTR [di-0x8],0x0
   0x47:        lock inc cx
   0x49:        clc    
   0x4a:        add    al,dh
   0x4c:        (bad)  
   0x4d:        jcxz   0x4f
   0x4f:        lock cmp di,sp
   0x52:        add    al,dh
   0x54:        pop    cx
   0x55:        clc    
   0x56:        add    al,dh
=> 0x58:        cs
   0x59:        call   0xf05c
   0x5c:        shr    bh,cl
   0x5e:        add    al,dh
   0x60:        add    ax,0xcf
   0x63:        lock repnz out 0x0,al
   0x67:        lock outs dx,BYTE PTR ds:[si]
   0x69:        inc    BYTE PTR [bx+si]
   0x6b:        lock push bx
   0x6d:        inc    WORD PTR [bx+si]
   0x6f:        lock push bx
   0x71:        inc    WORD PTR [bx+si]
   0x73:        lock push bx
   0x75:        inc    WORD PTR [bx+si]
   0x77:        lock hlt 
   0x79:        aas    
   0x7a:        add    BYTE PTR [bx+si-0x7a78],dl
   0x7e:        add    al,al
   0x80:        push   bx
   0x81:        inc    WORD PTR [bx+si]
   0x83:        lock push bx
   0x85:        inc    WORD PTR [bx+si]
   0x87:        lock push bx
   0x89:        inc    WORD PTR [bx+si]
   0x8b:        lock push bx
   0x8d:        inc    WORD PTR [bx+si]
   0x8f:        lock push bx
   0x91:        inc    WORD PTR [bx+si]
   0x93:        lock push bx
   0x95:        inc    WORD PTR [bx+si]
   0x97:        lock push bx
   0x99:        inc    WORD PTR [bx+si]
---[snip]---

Thanks,

Nate
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Guest memory backed by PCI BAR (x86)

Reply via email to