Fix boot loader hangs with syslinux's 32-bit vesamenu module.

Syslinux can load 32-bit UI code for menu handling.  But the core of
syslinux is still 16-bit.  When it jumps to this 32-bit code, it
installs a set of 32-bit interrupt trap handlers which just bounce the
interrupts back to 16-bit mode.

But this plays badly with vmxassist.  When running 16-bit boot loader
code, vmxassist installs its own trap handlers which bounce vPIC
interrupts back down to 16-bit mode.  The trap handlers live at
int 0x20 to 0x2f, so when the 16-bit code tries to reprogram the vPIC,
vm86 rewrites the outb()s on the fly to set the irq_base vectors
accordingly.

So when syslinux enters 32-bit mode, the vPIC has still been
programmed to point to vmxassist's bounce traps, even though vmxassist
is no longer active once the guest is running 32-bit code.  So the
wrong interrupts get delivered to the guest.

Fix this by restoring the rombios vPIC irq_base vectors when we leave
vmxassist mode, and returning the vmxassist traps when we reenter it.
These irq base values are hard-coded in this patch, but they are
already hard-coded in vmxassist so any boot code that relies on
changing them will already fail.

Signed-off-by: Stephen Tweedie <sct@redhat.com>

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index d2eff79d10f7446cec5b407750e8d94ad54214e3..e84b36d778a16bc26cd0f37f1bc731f0b90997e4 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2002,6 +2002,19 @@ static int vmx_assist(struct vcpu *v, int mode)
             if ( vmx_world_restore(v, &c) != 0 )
                 goto error;
             v->arch.hvm_vmx.vmxassist_enabled = 1;
+            /*
+             * The 32-bit vmxassist vm86.c support code is hard-coded to
+             * expect vPIC interrupts to arrive at interrupt traps 0x20-0x27
+             * and 0x28-0x2f.  It bounces these to 16-bit boot code traps
+             * 0x08-0x0f and 0x70-0x77.  But when the guest transitions
+             * to true native 32-bit mode, vmxassist steps out of the
+             * way and no such bouncing occurs; so we need to rewrite
+             * the vPIC irq base to point directly to 0x08/0x70 (see
+             * code just below).  So on re-entering 16-bit mode, we need
+             * to reset the vPICs to go back to the 0x20/0x28 bounce traps.
+             */
+            v->domain->arch.hvm_domain.vpic[0].irq_base = 0x20;
+            v->domain->arch.hvm_domain.vpic[1].irq_base = 0x28;
             return 1;
         }
         break;
@@ -2020,6 +2033,12 @@ static int vmx_assist(struct vcpu *v, int mode)
             if ( vmx_world_restore(v, &c) != 0 )
                 goto error;
             v->arch.hvm_vmx.vmxassist_enabled = 0;
+            /*
+             * See comment above about vmxassist 16/32-bit vPIC behaviour.
+             * The irq_base values are hard-coded into vmxassist vm86.c.
+             */
+            v->domain->arch.hvm_domain.vpic[0].irq_base = 0x08;
+            v->domain->arch.hvm_domain.vpic[1].irq_base = 0x70;
             return 1;
         }
         break;