Bug 209982

Summary: hvm with Windows XP SP2 gets destroyed when XP switches to protected mode
Product: [Fedora] Fedora
Component: xen
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: Thorsten Leemhuis <fedora>
Assignee: Xen Maintainance List <xen-maint>
QA Contact: Brian Brock <bbrock>
CC: bstein, katzj
Doc Type: Bug Fix
Last Closed: 2006-10-19 07:39:45 UTC

Description Thorsten Leemhuis 2006-10-09 09:12:45 UTC
Description of problem:
Trying to install Windows XP SP2 x86 as a HVM fails with latest rawhide (both
x86 and x64) on two machines. 

One Box has an AMD Athlon X2 4600 (AM2, Asus Board with
nForce 590 SLI), the other has an Intel Core 2 Duo (6400, Intel Board
with G965).

The virtual instances on both machines get destroyed when the Setup of Windows
XP switches to protected mode (e.g. after loading all the drives when the
screen normally goes black for a moment and before the actual text-based
setup starts with EULA and stuff). Both show a similar problem [(XEN)
2b, This opcode isn't handled yet!].

Details from the AMD-Machine as x86:

> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) This hvm_vlapic is for P4, no work for De-assert init
> (XEN) 2b, This opcode isn't handled yet!
> (XEN) handle_mmio: failed to decode instruction
> (XEN) mmio opcode: va 0xfffe0390, gpa 0xfee00390, len 6: 2b 05 90 03 fe ff
> (XEN) domain_crash_sync called from platform.c:898
> (XEN) Domain 1 (vcpu#0) crashed on cpu#1:
> (XEN) ----[ Xen-3.0-unstable  x86_32p  debug=n  Not tainted ]----
> (XEN) CPU:    1
> (XEN) EIP:    0008:[<801b1a95>]
> (XEN) EFLAGS: 00000002   CONTEXT: hvm
> (XEN) eax: 00000270   ebx: 68747541   ecx: 173016a0   edx: 00000000
> (XEN) esi: 000000ff   edi: ffdff000   ebp: 8088a240   esp: 8088a224
> (XEN) cr0: 8001003d   cr4: 00000000   cr3: 00039000   cr2: 00000000
> (XEN) ds: 0023   es: 0023   fs: 0030   gs: 0000   ss: 0010   cs: 0008

Details from the AMD-Machine as x64:

> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) This hvm_vlapic is for P4, no work for De-assert init
> (XEN) 2b, This opcode isn't handled yet!
> (XEN) handle_mmio: failed to decode instruction
> (XEN) mmio opcode: va 0xfffe0390, gpa 0xfee00390, len 6: 2b 05 90 03 fe ff
> (XEN) domain_crash_sync called from platform.c:898
> (XEN) Domain 1 (vcpu#0) crashed on cpu#0:
> (XEN) ----[ Xen-3.0-unstable  x86_64  debug=n  Not tainted ]----
> (XEN) CPU:    0
> (XEN) RIP:    0008:[<00000000801b1a95>]
> (XEN) RFLAGS: 0000000000000002   CONTEXT: hvm
> (XEN) rax: 0000000000000270   rbx: 0000000068747541   rcx: 00000000119dbadd
> (XEN) rdx: 0000000000000000   rsi: 00000000000000ff   rdi: 00000000ffdff000
> (XEN) rbp: 000000008088a240   rsp: 000000008088a224   r8:  0000000000000000
> (XEN) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
> (XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
> (XEN) r15: 0000000000000000   cr0: 000000008001003d   cr4: 0000000000000000
> (XEN) cr3: 0000000000039000   cr2: 0000000000000000
> (XEN) ds: 0023   es: 0023   fs: 0030   gs: 0000   ss: 0010   cs: 0008

And from the Core 2 Duo (x86, x64 failure was similar):

> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) hvm_vioapic_write_indirect: version register read only
> (XEN) This hvm_vlapic is for P4, no work for De-assert init
> (XEN) 2b, This opcode isn't handled yet!
> (XEN) handle_mmio: failed to decode instruction
> (XEN) mmio opcode: va 0xfffe0390, gpa 0xfee00390, len 6: 2b 05 90 03 fe ff
> (XEN) domain_crash_sync called from platform.c:898
> (XEN) Domain 1 (vcpu#0) crashed on cpu#1:
> (XEN) ----[ Xen-3.0-unstable  x86_32p  debug=n  Not tainted ]----
> (XEN) CPU:    1
> (XEN) EIP:    0008:[<801b1a95>]
> (XEN) EFLAGS: 00010002   CONTEXT: hvm
> (XEN) eax: 00000270   ebx: 756e6547   ecx: 0fee8b88   edx: 00000000
> (XEN) esi: 000000ff   edi: ffdff000   ebp: 8088a240   esp: 8088a224
> (XEN) cr0: 8005003d   cr4: 00000651   cr3: 001afda0   cr2: 00000000
> (XEN) ds: 0023   es: 0023   fs: 0030   gs: 0000   ss: 0010   cs: 0008

Version-Release number of selected component (if applicable):
kernel-xen-2.6.18-1.2747.fc6xen
xen-3.0.2-44

How reproducible:
Always.

Comment 1 Stephen Tweedie 2006-10-09 10:52:28 UTC
> (XEN) 2b, This opcode isn't handled yet!

indicates that XP is relying on certain instructions not yet fully emulated by
the Xen HVM support.  There is significant work going on in this area upstream
at present, so we'll probably have to wait for that to be integrated before we
can take this one further.
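
An added example, not part of the original thread and not Xen code: a small decoder for the `mmio opcode` line in the logs above, showing which instruction and which device register the guest touched when decoding failed. The names `decode_mmio_line`, `struct mmio_insn` and `LAPIC_BASE` are illustrative, and the decoder assumes 32-bit operand and address size with no instruction prefixes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Log line copied from the report above. */
static const char SAMPLE_LINE[] =
    "(XEN) mmio opcode: va 0xfffe0390, gpa 0xfee00390, len 6: 2b 05 90 03 fe ff";

#define LAPIC_BASE 0xfee00000u /* architectural default local APIC base */

struct mmio_insn {
    uint8_t  opcode, reg; /* opcode byte; ModRM.reg register number (0 = eax) */
    uint32_t disp;        /* absolute address encoded as disp32 */
    uint32_t va, gpa;     /* addresses Xen logged for the access */
    long     lapic_off;   /* offset in the 4 KiB local APIC page, -1 if outside */
};

/* Decode "opcode, ModRM(mod=00, rm=101), disp32" from a Xen "mmio opcode"
 * line. Assumes 32-bit operand/address size and no prefixes.
 * Returns 0 on success, -1 if the line or the encoding does not match. */
int decode_mmio_line(const char *line, struct mmio_insn *out)
{
    unsigned va, gpa, len, b[6];
    const char *p = strstr(line, "mmio opcode:");
    if (!p || sscanf(p, "mmio opcode: va %x, gpa %x, len %u: %x %x %x %x %x %x",
                     &va, &gpa, &len, &b[0], &b[1], &b[2], &b[3], &b[4],
                     &b[5]) != 9 || len != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        if (b[i] > 0xff) return -1;
    if ((b[1] >> 6) != 0 || (b[1] & 7) != 5) /* accept only the [disp32] form */
        return -1;
    out->opcode = (uint8_t)b[0];
    out->reg = (uint8_t)((b[1] >> 3) & 7);
    out->disp = b[2] | b[3] << 8 | b[4] << 16 | b[5] << 24; /* little-endian */
    out->va = va;
    out->gpa = gpa;
    out->lapic_off = (gpa - LAPIC_BASE < 0x1000u) ? (long)(gpa - LAPIC_BASE) : -1;
    return 0;
}

int main(void)
{
    struct mmio_insn m;
    if (decode_mmio_line(SAMPLE_LINE, &m) == 0)
        printf("op %02x reg %u [0x%08x] LAPIC+0x%lx\n", m.opcode, m.reg,
               (unsigned)m.disp, (unsigned long)m.lapic_off);
    return 0;
}
```

For the logged line this yields opcode 0x2b (SUB r32, r/m32) with reg 0, i.e. `sub eax, [0xfffe0390]`, where the disp32 equals the logged va. The guest-physical address falls at offset 0x390 of the local APIC page, which the Intel SDM lists as the timer Current Count register.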

Comment 2 Brian Stein 2006-10-09 12:26:23 UTC
Added XenSource BZ reference.

Comment 3 Thorsten Leemhuis 2006-10-09 14:51:25 UTC
(In reply to comment #1)
> > (XEN) 2b, This opcode isn't handled yet!
> indicates that XP is relying on certain instructions not yet fully emulated by
> the Xen HVM support.

Thanks, sct.

(In reply to comment #2)
> Added XenSource BZ reference.

Well, that looks like a totally different bug to me. But who am I to judge...

Comment 4 Brian Stein 2006-10-09 15:15:09 UTC
d'oh.  our wrong bz.  my mistake.

Comment 5 Thorsten Leemhuis 2006-10-19 07:39:45 UTC
Seems to be a lot better now with the latest xen and kernel from rawhide -- the
first part of the Setup finishes. I don't get any further, but maybe that's my
fault. I'll open a separate bug for it if not.

thx for your work, closing.