From: Laszlo Ersek <lersek@redhat.com>
To: Kevin O'Connor <kevin@koconnor.net>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
seabios@seabios.org, qemu-stable@nongnu.org,
Aurelien Jarno <aurelien@aurel32.net>,
Dietmar Maurer <dietmar@proxmox.com>
Subject: Re: [Qemu-devel] [SeaBIOS] problems with freeBSD
Date: Fri, 08 Mar 2013 12:30:11 +0100
Message-ID: <5139CBC3.8050506@redhat.com>
In-Reply-To: <20130308033507.GA31979@morn.localdomain>
On 03/08/13 04:35, Kevin O'Connor wrote:
> On Thu, Mar 07, 2013 at 09:43:04AM +0100, Aurelien Jarno wrote:
>> On Wed, Mar 06, 2013 at 07:53:51PM -0500, Kevin O'Connor wrote:
>>> That change is definitely just build related - I don't see how it
>>> could impact the final SeaBIOS binary. How did you conclude that this
>>> commit is what fixes the issue?
>>>
>>
>> I did a git bisect to find the commit fixing the issue. Then, as I was
>> not believing the result, I tried the following sequence a dozen
>> times (for some unknown reasons the FreeBSD install CD doesn't exhibit
>> the issue, so I used the Debian GNU/kFreeBSD installer):
> [...]
>
> Thanks for the detailed bug report. Here's what I see going on:
>
> - the SeaBIOS 4219149a commit does change the resulting binary ever so
> slightly - the src/virtio_ring.c code has a reference to __FILE__
> (the only code in SeaBIOS that does that), and due to slightly
> different build rules in this commit it evaluates to a slightly
> different string.
>
> - the freebsd crash has nothing to do with 4219149a or
> src/virtio_ring.c - instead, random changes in the seabios binary
> layout can cause (or avoid) the crash. You can see this in action
> by modifying seabios to have higher debug levels, commenting out
> code, adding dprintf statements, etc.
>
> - the crash happens when freebsd attempts to emulate the bios code (!)
> in order to determine the keyboard typematic rate (!). (See
> sys/dev/atkbdc/atkbd.c.) Since SeaBIOS doesn't support the typematic
> callback rate (int 0x16 ax=0x0306) this doesn't actually achieve
> anything in practice were the call to not crash. However, a crash
> does (sometimes) result.
>
> - the freebsd x86bios_get_pages() code is buggy (See
> sys/compat/x86bios/x86bios.c). It attempts to check that its x86
> emulator (!) doesn't access a page it hasn't mapped. However, it
> does not check for the case where a two byte access spans two pages.
> If the first page is mapped, but the second is not - splat. The
> crash I've seen in QEMU had a two byte access to 0xffffff8000015fff
> with the fault at 0xffffff8000016000.
>
> - I have not been able to determine why an attempt was made to access
> a non-mapped page. My best guess is that the x86emu code (!) goes
> off the deep-end in all cases - just some cases lead it to the bug
> above and other cases lead it to a more friendly termination.
> (Recall that SeaBIOS doesn't support the typematic call anyway.) It
> should be possible to track this down by adding debug statements to
> the freebsd code if anyone is familiar with the freebsd kernel
> compile-deploy-run cycle.
Great analysis!
Laszlo
(sorry for the noise)
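The page-spanning check Kevin describes, as an added illustration that is not the FreeBSD x86bios code or anything from this thread: a simplified page map with a start-only validation beside a full-range one, exercised with the two addresses quoted above (4 KiB pages are an assumption).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not the FreeBSD x86bios code; 4 KiB pages assumed. */
#define PAGE_SIZE ((uint64_t)1 << 12)
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Stand-in for the emulator's page map: page-aligned bases that are mapped. */
struct page_map { const uint64_t *pages; size_t count; };

static bool page_is_mapped(const struct page_map *pm, uint64_t addr)
{
    uint64_t base = addr & PAGE_MASK;
    for (size_t i = 0; i < pm->count; i++)
        if (pm->pages[i] == base)
            return true;
    return false;
}

/* Buggy pattern described in the thread: only the first byte's page is
 * checked, so a 2-byte read at the last byte of a mapped page passes even
 * when the next page is unmapped, and the real access then faults. */
bool access_ok_start_only(const struct page_map *pm, uint64_t addr, size_t size)
{
    (void)size;
    return page_is_mapped(pm, addr);
}

/* Corrected check: every page touched by [addr, addr + size - 1] must be mapped. */
bool access_ok_full_range(const struct page_map *pm, uint64_t addr, size_t size)
{
    if (size == 0)
        return true;
    uint64_t last = addr + (size - 1);
    if (last < addr)            /* wrapped around the address space */
        return false;
    for (uint64_t p = addr & PAGE_MASK; ; p += PAGE_SIZE) {
        if (!page_is_mapped(pm, p))
            return false;
        if (p == (last & PAGE_MASK))
            return true;
    }
}
/* Constructed scenario with the addresses quoted in the thread: the page holding
 * 0xffffff8000015fff is mapped, the page at 0xffffff8000016000 is not. */
static const uint64_t mapped_pages[] = { 0xffffff8000015000ULL };
static const struct page_map demo_map = { mapped_pages, 1 };
bool demo_buggy(void) { return access_ok_start_only(&demo_map, 0xffffff8000015fffULL, 2); }
bool demo_fixed(void) { return access_ok_full_range(&demo_map, 0xffffff8000015fffULL, 2); }
```

The start-only check accepts the two-byte access at 0xffffff8000015fff, while the full-range check rejects it because the second byte lands on the unmapped page.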