Background:
In the last post, we analyzed the Windows kernel's assembly instructions corresponding to timer interrupts and CPU context switches. Now that we have a better understanding of what occurs at the kernel level, it is time to observe the loading delay problem encountered in Qemu when loading older snapshots of Windows XP. When a snapshot is loaded in Qemu, it may work as intended, not load at all, or become unstable and slow, because of a problem with the way Qemu handles timer interrupts.
Purpose:
Demonstrate the aforementioned problem and show the reason for Qemu's unstable behavior.
Steps:
1. Start by booting up the Linux VM that has Qemu installed and start Qemu under gdb using "sudo gdb qemu-system-i386".
2. Let's grab the run parameters for Qemu that are stored in run.sh.
Then copy all the parameters, starting from "-m".
3. Exit vim and the shell, then paste the parameters after the "run" command in gdb.
4. If the process crashes, type "handle SIGUSR1 noprint" and re-run Qemu.
5. Now you can see that Qemu has started.
6. Snapshots of the Windows XP image were taken previously; now we are going to analyze what happens when these snapshots are loaded and note how the system behaves. First, let's list the available snapshots and load one of them.
When I tried to load the snapshot named "snap111", Qemu crashed because the snapshot is too old.
7. Now re-run Qemu; I am going to try snap222.
This time, the snapshot loads properly and is displayed in the Qemu window.
8. Now we are going to check whether the snapshot is behaving as it should by sending it key commands through the Qemu monitor.
The first command I am going to send is the "sendkey d" command and it should print "d" in the command prompt.
Unfortunately, the command was not properly received by the snapshot because the timer that controls the context switch of the CPU is not working correctly. Let us try this experiment on a snapshot that was taken more recently.
9. Quit that Qemu session and re-run Qemu again.
10. Creating a new snapshot should minimize the impact of the bug in Qemu's APIC timer and allow the sendkey command to work for a period of time.
As you can see, a new snapshot has been created.
11. Let's load the snapshot and try the sendkey command again.
12. Even with a new snapshot, the command is not properly delivered to the VM, because the behavior of the bug in the APIC timer and the context switch is essentially random.
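The manual steps above can be scripted so the same experiment is repeatable. The following shell script is an added example, not the post's own run.sh or any script from the Qemu project. It assumes run.sh contains a single qemu-system-i386 line whose parameters begin at "-m" (the sample written by write_sample_run_sh is constructed for illustration and does not reproduce the real parameters), that gdb is driven from a command file, and that the Qemu monitor is exposed on a UNIX socket under a temporary directory (hypothetical path) so that "info snapshots", "loadvm" and "sendkey d" can be fed from a file with socat instead of being typed into the Qemu window.

```shell
#!/bin/sh
# Added example, not the post's own script: wraps steps 1-8 of the procedure.
# Assumptions: run.sh holds one qemu-system-i386 line whose parameters start
# at "-m"; the monitor is exposed on a UNIX socket so the snapshot and
# sendkey commands can be fed from a file.
set -eu

# Constructed stand-in for run.sh (the post does not reproduce the real parameters).
write_sample_run_sh() {
    printf '%s\n' '#!/bin/sh' \
        'qemu-system-i386 -m 512 -hda winxp.qcow2 -vga std' > "$1"
}

# Step 2: print everything on the qemu line from "-m" onwards.
qemu_args_from_run_sh() {
    grep 'qemu-system' "$1" | sed -n 's/^.* \(-m .*\)$/\1/p' | head -n 1
}

# Step 4: Qemu sends itself SIGUSR1 to kick its vCPU threads; without this
# gdb halts Qemu at every one of them instead of letting it run.
gdb_script() {
    printf '%s\n' 'handle SIGUSR1 nostop noprint pass' 'run'
}

# Steps 6-8 as monitor commands: list snapshots, load one, send the "d" key.
monitor_script() {
    printf '%s\n' 'info snapshots' "loadvm $1" 'sendkey d'
}

# Write both command files and print the two commands to run
# (printed, not executed, so they can be reviewed first).
launch_command() {
    run_sh=$1
    snap=$2
    workdir=$3
    args=$(qemu_args_from_run_sh "$run_sh")
    gdb_script > "$workdir/gdb.cmds"
    monitor_script "$snap" > "$workdir/monitor.cmds"
    printf 'sudo gdb -q -x %s/gdb.cmds --args qemu-system-i386 %s -monitor unix:%s/monitor.sock,server,nowait\n' \
        "$workdir" "$args" "$workdir"
    printf 'socat - UNIX-CONNECT:%s/monitor.sock < %s/monitor.cmds\n' "$workdir" "$workdir"
}

# Usage: sh qemu_gdb.sh run.sh snap222
if [ $# -ge 2 ]; then
    launch_command "$1" "$2" "$(mktemp -d)"
fi
```

Run the first printed command in one terminal and, once the Qemu window is up, the second in another; the monitor output of "info snapshots" and "loadvm" appears on the socat side, while whether "d" actually reaches the guest's command prompt still has to be checked visually in the Qemu window, exactly as in step 8.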
Conclusion:
As you can see, there is a problem in the way Qemu handles snapshots. The behavior is unpredictable and makes the snapshot unusable. In addition to the sendkey command not working properly, it is worth noting that the command prompt on the Windows VM does not display the blinking cursor you would expect. This is also a result of the bug in the way Qemu handles the APIC timer.