On 19/09/2013 16:36, Andriy Gapon wrote:
> Not sure how the code ends up at 0x9315 after that.
> Events are dropped, probably corresponding to more emulation.
>
> And here is original assembly code:
>
> rret_tramp:     movw $MEM_ESPR-0x08,%sp         # Reset stack pointer
>                 pushal                          # Save gp regs
>                 pushl %gs                       # Save
>                 pushl %fs                       #  seg
>                 pushl %ds                       #  regs
>                 pushl %es
>                 pushfl                          # Save %eflags
>                 cli                             # Disable interrupts
>                 std                             # String ops dec
>                 xorw %ax,%ax                    # Reset seg
>                 movw %ax,%ds                    #  regs
>                 movw %ax,%es                    #  (%ss is already 0)
>                 lidt idtdesc                    # Set IDT
>                 lgdt gdtdesc                    # Set GDT
>                 mov %cr0,%eax                   # Switch to protected
>                 inc %ax                         #  mode
>                 mov %eax,%cr0                   #
>                 ljmp $SEL_SCODE,$rret_tramp.1   # To 32-bit code
>                 .code32
> rret_tramp.1:   xorl %ecx,%ecx                  # Zero
>                 movb $SEL_SDATA,%cl             # Setup
>                 movw %cx,%ss                    #  32-bit
>                 movw %cx,%ds                    #  seg
>                 movw %cx,%es                    #  regs
>                 movl MEM_ESPR-0x04,%esp         # Switch to kernel stack
>                 leal 0x44(%esp,1),%esi          # Base of frame
>                 andb $~0x2,tss_desc+0x5         # Clear TSS busy
>                 movb $SEL_TSS,%cl               # Set task
>                 ltr %cx                         #  register
>
> I can provide full logs, etc.
> Please let me know what else I could do.
> Thanks!
> --

1) Can you try loading the kvm_intel module with emulate_invalid_guest_state=0?

2) What are the contents of fs and gs? Why are they not zeroed? Perhaps that is causing invalid guest state emulation to run, and then something is triggering a bug in emulate_invalid_guest_state itself.

3) What is at 0x9315?

Paolo
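To make question 2 concrete: the trampoline above reloads only %ds and %es (and %ss) before flipping CR0.PE, so %fs and %gs keep whatever cached descriptor they had. The added example below (my own illustration, not code from this thread or from KVM) models the real-mode segment check that, as I understand it, KVM applies to a guest when unrestricted-guest mode is unavailable: base must equal selector << 4, the limit must be 0xffff, and the access rights must be those of a present 16-bit writable data segment (0xf3). Any segment failing it forces the invalid-guest-state emulation path. The sample register values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Cached segment state as a VMCS holds it (constructed sample type). */
struct seg {
    uint16_t selector;
    uint32_t base;
    uint32_t limit;
    uint8_t  ar;      /* access-rights byte: type, S, DPL, P */
};

/* A real-mode segment is acceptable to VMX (without unrestricted guest)
 * only if it looks like real mode itself produced it:
 * base == selector << 4, 64 KiB limit, present 16-bit data segment, DPL 3.
 * Assumption: this mirrors the conditions KVM checks before deciding to
 * emulate instead of running the guest under VMX. */
bool rmode_segment_valid(const struct seg *s)
{
    if (s->base != ((uint32_t)s->selector << 4))
        return false;
    if (s->limit != 0xffff)
        return false;
    if (s->ar != 0xf3)
        return false;
    return true;
}

/* Count the segments that would push the vCPU into invalid-guest-state
 * emulation; zero means the guest can run natively under VMX. */
int count_invalid(const struct seg *segs, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        if (!rmode_segment_valid(&segs[i]))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample: ds/es were reloaded with 0 by the trampoline,
     * fs/gs still carry a flat 32-bit descriptor left over from an earlier
     * protected-mode stint (selector 0x10, base 0, 4 GiB limit, ar 0x93). */
    struct seg regs[4] = {
        { 0x0000, 0x00000000, 0x0000ffff, 0xf3 },  /* ds: valid */
        { 0x0000, 0x00000000, 0x0000ffff, 0xf3 },  /* es: valid */
        { 0x0010, 0x00000000, 0xffffffff, 0x93 },  /* fs: stale 32-bit desc */
        { 0x0010, 0x00000000, 0xffffffff, 0x93 },  /* gs: stale 32-bit desc */
    };
    printf("%d segment(s) would force emulation\n", count_invalid(regs, 4));
    return 0;
}
```

Dumping the guest's fs/gs selector, base, limit and access rights from the VMCS and running them through this check shows directly whether the stale segments, rather than the code at 0x9315, are what keeps emulation engaged.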