From: Kevin O'Connor <kevin@koconnor.net>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: qemu-stable@nongnu.org, seabios@seabios.org,
	Dietmar Maurer <dietmar@proxmox.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] problems with freeBSD
Date: Thu, 7 Mar 2013 22:35:07 -0500
Message-ID: <20130308033507.GA31979@morn.localdomain>
In-Reply-To: <20130307084304.GA17400@ohm.aurel32.net>

On Thu, Mar 07, 2013 at 09:43:04AM +0100, Aurelien Jarno wrote:
> On Wed, Mar 06, 2013 at 07:53:51PM -0500, Kevin O'Connor wrote:
> > That change is definitely just build related - I don't see how it
> > could impact the final SeaBIOS binary.  How did you conclude that this
> > commit is what fixes the issue?
> > 
> 
> I did a git bisect to find the commit fixing the issue. Then, as I was
> not believing the result, I tried the following sequence a dozen of
> times (for some unknown reasons the FreeBSD install CD doesn't exhibit
> the issue, so I used the Debian GNU/kFreeBSD installer):
[...]

Thanks for the detailed bug report.  Here's what I see going on:

- the SeaBIOS 4219149a commit does change the resulting binary ever so
  slightly - the src/virtio_ring.c code has a reference to __FILE__
  (the only code in SeaBIOS that does that), and due to slightly
  different build rules in this commit it evaluates to a slightly
  different string.

- the freebsd crash has nothing to do with 4219149a or
  src/virtio_ring.c - instead, random changes in the seabios binary
  layout can cause (or avoid) the crash.  You can see this in action
  by modifying seabios to have higher debug levels, commenting out
  code, adding dprintf statements, etc.

- the crash happens when freebsd attempts to emulate the bios code (!)
  in order to determine the keyboard typematic rate (!).  (See
  sys/dev/atkbdc/atkbd.c.) Since SeaBIOS doesn't support the typematic
  callback rate (int 0x16 ax=0x0306) this doesn't actually achieve
  anything in practice were the call to not crash.  However, a crash
  does (sometimes) result.

- the freebsd x86bios_get_pages() code is buggy (See
  sys/compat/x86bios/x86bios.c).  It attempts to check that its x86
  emulator (!) doesn't access a page it hasn't mapped.  However, it
  does not check for the case where a two byte access spans two pages.
  If the first page is mapped, but the second is not - splat.  The
  crash I've seen in QEMU had a two byte access to 0xffffff8000015fff
  with the fault at 0xffffff8000016000.

- I have not been able to determine why an attempt was made to access
  a non-mapped page.  My best guess is that the x86emu code (!) goes
  off the deep-end in all cases - just some cases lead it to the bug
  above and other cases lead it to a more friendly termination.
  (Recall that SeaBIOS doesn't support the typematic call anyway.)  It
  should be possible to track this down by adding debug statements to
  the freebsd code if anyone is familiar with the freebsd kernel
  compile-deploy-run cycle.

-Kevin
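The page-spanning case described in the message above, as an added illustration that is not part of this thread or of the FreeBSD x86bios code: a page-map check that only tests the page of the first byte, beside one that tests every page the access touches. map_page(), unmap_all() and the table behind them are a constructed stand-in for the emulator's page map; the addresses are the ones quoted in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1))

/* Constructed stand-in for the emulator's page map (hypothetical):
 * a small table of page-aligned virtual addresses that are mapped. */
#define MAX_MAPPED 8
static uint64_t mapped_pages[MAX_MAPPED];
static size_t mapped_count;

void map_page(uint64_t va) { mapped_pages[mapped_count++] = va & PAGE_MASK; }
void unmap_all(void) { mapped_count = 0; }

static bool page_is_mapped(uint64_t va) {
    for (size_t i = 0; i < mapped_count; i++)
        if (mapped_pages[i] == (va & PAGE_MASK)) return true;
    return false;
}

/* Buggy pattern: only the page holding the first byte is checked, so a
 * 2-byte access at the last byte of a mapped page is allowed even when
 * the following page is unmapped. The access then faults there. */
bool access_ok_buggy(uint64_t va, size_t len) {
    (void)len;
    return page_is_mapped(va);
}

/* Fixed check: every page from the first byte to the last byte
 * (va + len - 1) must be mapped; zero-length and wrapping ranges are
 * rejected outright. */
bool access_ok_fixed(uint64_t va, size_t len) {
    if (len == 0 || va + len - 1 < va) return false;
    uint64_t last = (va + len - 1) & PAGE_MASK;
    for (uint64_t p = va & PAGE_MASK; ; p += PAGE_SIZE) {
        if (!page_is_mapped(p)) return false;
        if (p == last) break;   /* checked the page of the last byte */
    }
    return true;
}

int main(void) {
    map_page(0xffffff8000015000ULL);          /* second page left unmapped */
    printf("buggy: %d  fixed: %d\n",
           access_ok_buggy(0xffffff8000015fffULL, 2),
           access_ok_fixed(0xffffff8000015fffULL, 2));
    return 0;
}
```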
