Xen project Mailing List

[Xen-devel] Intel: GPF from lret to load CS with weird error code

To: jun.nakajima@xxxxxxxxx, eddie.dong@xxxxxxxxx

From: Mukesh Rathor <mukesh.rathor@xxxxxxxxxx>

Date: Wed, 29 May 2013 19:00:45 -0700

Cc: "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 30 May 2013 02:01:15 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi Intel folks, Please help with this, the error code seems an anamoly to me: Guest (PVH) is running in vmx in 64bit mode, it loads CS: ffffffff810034d2: 2:load_cs+12 push $0x10 ffffffff810034d4: 2:load_cs+14 lea 0x2(%rip), %rax ffffffff810034db: 2:load_cs+1b push %rax ffffffff810034dc: 2:load_cs+1c lret The lret causes a GP. But the error code is strange (0xfffc): VMExit: intr_info=80000b0d errcode=0000fffc ilen=00000000 reason=00000000 qualification=00000000 I can't figure the root cause of the GP. Reading the SDMs over and over, I expect either a 0 or the selector value in the errcode field. The GDT is properly loaded too: (XEN) GDTR: limit=0x0000007f, base=0xffffffff818c2000 ffffffff818c2000: 0000000000000000 00cf9b000000ffff ffffffff818c2010: 00af9b000000ffff 00cf93000000ffff ffffffff818c2020: 00cffb000000ffff 00cff3000000ffff ffffffff818c2030: 00affb000000ffff 0000000000000000 Parsing:0xaf9b000000ffff Type:0xb(1011) => Code segment (C:0 R:1 A:1) DPL:0 P:1 AVL:0 L:1 D:0 G:1 Base:00000000 Limit:fffff Parsing:0xcf93000000ffff Type:0x3(0011) => Data segment (E:0 W:1 A:1) DPL:0 P:1 AVL:0 L:0 B:1 G:1 Base:00000000 Limit:fffff The DS and SS selectors are also properly loaded: (XEN) CS: sel=0x0000, attr=0x0a09b, limit=0xffffffff, base=0x0000000000000000 (XEN) DS: sel=0x0018, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 (XEN) SS: sel=0x0018, attr=0x0c093, limit=0xffffffff, base=0x0000000000000000 I understand the base/limit are ignored for the CS in VM_ENTRY_IA32E_MODE. Running in protected mode with paging, with LMA: EntryControls = 000053ff <=== VM_ENTRY_IA32E_MODE CR0: 0x0000000080010039 <=== PE TS ET NE WP PG cr4: 0x2660 <=== PAE mode eflags: 0x0000000000010202 <=== eflags.VM == 0 the guest EFER: Guest EFER = 0x0000000000000000 According to the SDM, 23.3.2.1, if VM_ENTRY_LOAD_GUEST_EFER is 0, then LMA is loaded with setting of VM_ENTRY_IA32E_MODE, which is 1 here. So I expect to see EFER.LMA set for the guest? Is that the problem here? Thanks, Mukesh _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.