From: Paolo Bonzini <pbonzini@redhat.com>
To: Laszlo Ersek <lersek@redhat.com>
Cc: Duane Voth <duanev@gmail.com>,
Bug 1180970 <1180970@bugs.launchpad.net>,
qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug 1180970] [NEW] qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0, fails in 1.4.92
Date: Fri, 17 May 2013 12:20:54 +0200
Message-ID: <51960486.3050206@redhat.com>
In-Reply-To: <519553A4.9030900@redhat.com>
On 16/05/2013 23:46, Laszlo Ersek wrote:
> On 05/16/13 21:58, Duane Voth wrote:
>> Public bug reported:
>>
>> I'm using qemu to run and debug the EDK2 uEFI environment. OVMF is
>> being built out of the EDK2 tree I've checked out (r14367).
>> (Reproducing all this could be tedious so I am available for
>> debugging/testing.)
>>
>> qemu 1.4.0 was able to execute this guest environment with no trouble,
>> qemu 1.4.92 however issues an error message and aborts. The command
>> line I use to start qemu is:
>>
>> $ /usr/local/bin/qemu-system-x86_64 -m 1024 -bios OVMF.fd -monitor stdio
>>
>> 1.4.92 gives the following register dump:
>>
>> QEMU 1.4.92 monitor - type 'help' for more information
>> (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000100000000
>>
>> RAX=000000003e084da8 RBX=000000003e084868 RCX=0000000000000000 RDX=000000003e084f00
>> RSI=0000000000000001 RDI=000000003e085000 RBP=000000003e084708 RSP=000000003fac8510
>> R8 =0000000000000000 R9 =000000003e14c3e3 R10=0000000000000033 R11=00000000000000d3
>> R12=000000003e0848a0 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
>> RIP=00000000ffffffe4 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
>> ES =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
>> CS =0028 0000000000000000 ffffffff 00af9b00 DPL=0 CS64 [-RA]
>> SS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
>> DS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
>> FS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
>> GS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
>> LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
>> TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
>> GDT= 000000003fa50e98 0000003f
>> IDT= 000000003f9d6e20 00000fff
>> CR0=80000033 CR2=0000000000000000 CR3=000000003fa67000 CR4=00000668
>> ...
>>
>>
>> Questions:
>> 1) Is this problem relevant? (is full backward compatibility to be
>> supported?)
>> 2) Are there new guest execution controls in 1.4.9x that might cause
>> this?
>> 3) If #2, can they be disabled by a qemu command line switch?
>> 4) If not #2, in what qemu source file specifically can I find the
>> logic causing the abort? (help me help you :)
>> 5) If guest memory is corrupted or improperly mapped, how can I keep
>> qemu alive to examine/dump guest memory?
>
> I reckon you don't see this with KVM enabled. (Because I don't see it
> with KVM enabled, with my own OVMF builds anyway :), plus the "Trying to
> execute code outside RAM or ROM" message comes from code that strikes me
> as part of TCG.)
>
> It surprises me that RIP=00000000ffffffe4 whereas get_page_addr_code()
> [cputlb.c] logs "at 0x0000000100000000".
>
> The RIP seems to be in OVMF init code.
>
> 0x0000000100000000 is 4G exactly and looks suspicious.
>
> Can you try bisecting TCG between 1.4.0 and current master?
>
> git log --oneline --reverse v1.4.0.. -- tcg \
> | egrep -v 'tcg[-/](arm|ppc|sparc|s390|mips)'
>
> 0b0d332 TCG: Final globals clean-up
> 5e5f07e TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx
> 24537a0 qemu-log: Rename the public-facing cpu_set_log function to qemu_set_log
> e6a7273 tcg: Make 32-bit multiword operations optional for 64-bit hosts
> bbc863b tcg-i386: Always implement 32-bit multiword ops
> d7156f7 tcg: Add 64-bit multiword arithmetic operations
> 4d3203f tcg: Add signed multiword multiplication operations
> 3c51a98 tcg: Implement a 64-bit to 32-bit extraction helper
> 696a8be tcg: Implement multiword multiply helpers
> f6953a7 tcg: Implement multiword addition helpers
> 624988a tcg-i386: Implement multiword arithmetic ops
> f402f38 tcg: Implement muls2 with mulu2
> f1fae40 tcg: Apply life analysis to 64-bit multiword arithmetic ops
> 989b697 qemu-log: default to stderr for logging output
> 0980011 tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
> 378df4b Handle CPU interrupts by inline checking of a flag
> 294e466 Use proper term in TCG README
> 2d49754 tcg-optimize: Fold sub r,0,x to neg r,x
> 03fc054 tci: Use 32-bit signed offsets to loads/stores
> 4699ca6 tci: Delete unused tb_ret_addr
> ee79c35 tci: Make tcg temporaries local to tcg_qemu_tb_exec
> 0a9c234 Merge branch 'tci' of git://qemu.weilnetz.de/qemu
> ed60512 tcg: fix deposit_i64 op on 32-bit targets
> d6b64b2 tcg: Log the contents of the prologue with -d out_asm
> 66e61b5 tcg/optimize: fix setcond2 optimization
>
> Anyway I'm just throwing around words and waving my hand, hoping that
> someone with actual insight will chime in.
You also need to add target-i386/ to this list, but yes, bisection
sounds like a plan.
I suggest that you bisect using a new build directory on every
compilation step, something like "rm -rf build; mkdir build; (cd build
&& ../configure --target-list=x86_64-softmmu && make -jNN)".
Paolo
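As an added example that is not part of the thread, one way to automate the bisection Laszlo and Paolo describe: a step script for `git bisect run` that rebuilds in a fresh build directory on every step, boots the reported command line under TCG (no KVM), and classifies the revision by the fatal message from the report. The OVMF.fd location, the 60-second timeout and the `-display none` flag are my assumptions, not from the thread.

```shell
#!/bin/sh
# bisect-ovmf.sh: step script for "git bisect run", run from the top of a
# qemu checkout. Assumptions (not from the thread): OVMF.fd path in $OVMF,
# and a boot that survives $TIMEOUT seconds without the fatal is "good".
OVMF=${OVMF:-$PWD/OVMF.fd}
TIMEOUT=${TIMEOUT:-60}
JOBS=${JOBS:-$(nproc 2>/dev/null || echo 4)}

# classify_log: return 1 (bad) if the captured monitor output contains the
# TCG fatal message from the report, 0 (good) otherwise.
classify_log() {
    if grep -q 'Trying to execute code outside RAM or ROM' "$1"; then
        return 1
    fi
    return 0
}

# build_qemu: fresh build directory per step, as Paolo suggests. Returning
# 125 tells "git bisect run" to skip a revision that fails to build.
build_qemu() {
    rm -rf build && mkdir build || return 125
    (cd build && ../configure --target-list=x86_64-softmmu \
        && make -j"$JOBS") >build.log 2>&1 || return 125
}

# boot_ovmf: the reported command line, headless; "quit" is fed to the
# monitor after the timeout so every step terminates. If qemu aborts
# early the pipeline still waits out the sleep, which is harmless.
boot_ovmf() {
    log=$1
    ( sleep "$TIMEOUT"; echo quit ) | \
        ./build/x86_64-softmmu/qemu-system-x86_64 -m 1024 -bios "$OVMF" \
            -monitor stdio -display none >"$log" 2>&1
}

# bisect_step: exit status is what "git bisect run" consumes
# (0 good, 1 bad, 125 skip).
bisect_step() {
    build_qemu || return $?
    boot_ovmf bisect.log
    classify_log bisect.log
}

# Only act as a bisect step when invoked as one, e.g.:
#   git bisect start master v1.4.0 -- tcg target-i386
#   git bisect run sh bisect-ovmf.sh step
if [ "${1:-}" = step ]; then
    bisect_step
fi
```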