Subject: a bug in qemu-retranslator with Windows7 x64 Zero Page Thread
Date: 20 ноября 2013 г., 19:28:04 GMT+04:00
Dear Sirs,
I've run into a curious bug in qemu retranslator that looks like a code self-modification from Zero Page Thread.
Test case:
Win7 x64 on installation while running w/o KVM gives a BSOD. 45/45 - 100% reproduction. I've tried to analyze dumps but it is installation stage and qemu has some troubles with serial debugging (i've failed to press F8 for choosing debug mode in the target moment)
Workaround:
I've tried to localize the issue and finally got this suspicious workaround.
My hack is to interrupt block creation for XORs in ZPT (zero page thread of Windows kernel) while TARGET_HAS_PRECISE_SMC is turned off. By "Interrupt block creation" I mean inserting gen_eob for all XORs in ZPT. ZPT contains a number of XORs that aimed to null a target page. Code looks like "lock xor [rcx], rdx; xor [rcx+8], rdx; xor [rcx + 16], rdx; ..". If 2 XORs are in one block, Windows BSODs. If I enable TARGET_HAS_PRECISE_SMC it doesn't work either.
It is the second bug I found during installation - the first one with CR4_DE and I'll send patch later. But now I am really curious about your suggestions. I am not that good in debugging qemu retranslated code and I'll be grateful for any tips regarding it.
Best regards,
Anna