Hi all, I am trying to debug why grub crashed (under usbrom) after loading certain blocks into memory. My new finding is that while usbrom is trying to load block lba=0x0019a9e0, it crashed. The flow is usb_new_read(0,0x0019a9e0,0x20,0xfffa2000); 0x20 is the count which should be read, and 0xfffa2000 is the virtual address of 0x70000. usb_new_read calls readwrite_blocks, then execute_command. After executing wrap_cbw in execute_command, it should call dev->controller->bulk, but this address is a wrong address. My debug information is below:
BIOS Debugger Node : 0, Core : 0
rAX= 8020425D rBX= 00000000 rCX= 00108F15 rDX= 50588214
rSI= 00108FE8 rDI= FFF97D20 rBP= 00108F38 rSP= 00108EF0
rIP= 00006F22
CS Sel= 0008 DS Sel= 0010 ES Sel= 0010 FS Sel= 0000 GS Sel= 0000 SS Sel= 0010
CF PF AF ZF SF TF IF DF OF IOPL NT RF VM AC VIF VIP ID
 0  1  0  0  0  0  0  0  0   0   0  0  0  0   0   0  0

0008:00006EC3 C7 45 FC 01 00 00 00     mov [ebp-04h],00000001h
0008:00006ECA 8B 45 14                 mov eax,[ebp+14h]
0008:00006ECD 89 44 24 10              mov [esp+10h],eax
0008:00006ED1 8B 45 10                 mov eax,[ebp+10h]
0008:00006ED4 89 44 24 0C              mov [esp+0ch],eax
0008:00006ED8 8B 45 0C                 mov eax,[ebp+0ch]
0008:00006EDB 89 44 24 08              mov [esp+08h],eax
0008:00006EDF 8B 45 1C                 mov eax,[ebp+1ch]
0008:00006EE2 89 44 24 04              mov [esp+04h],eax
0008:00006EE6 8D 45 DD                 lea eax,[ebp-23h]
0008:00006EE9 89 04 24                 mov [esp],eax
0008:00006EEC E8 CF FE FF FF           call loc_00006dc0h      /* this is wrap_cbw */
0008:00006EF1 8B 45 08                 mov eax,[ebp+08h]
0008:00006EF4 8B 00                    mov eax,[eax]
0008:00006EF6 8B 90 20 02 00 00        mov edx,[eax+00000220h]
0008:00006EFC 8D 4D DD                 lea ecx,[ebp-23h]
0008:00006EFF 8B 45 08                 mov eax,[ebp+08h]
0008:00006F02 8B 80 18 03 00 00        mov eax,[eax+00000318h]
0008:00006F08 8B 40 0C                 mov eax,[eax+0ch]
0008:00006F0B C7 44 24 0C 00 00 00 00  mov [esp+0ch],00000000h
0008:00006F13 89 4C 24 08              mov [esp+08h],ecx
0008:00006F17 C7 44 24 04 1F 00 00 00  mov [esp+04h],0000001fh
0008:00006F1F 89 04 24                 mov [esp],eax
0008:00006F22 FF D2                    call edx                /* here it will jump into 50588214 */
0008:00006F24 85 C0                    test eax,eax
0008:00006F26 74 20                    jz loc_00006f48h
0008:00006F28 8B 45 08                 mov eax,[ebp+08h]
0008:00006F2B 8B 80 18 03 00 00        mov eax,[eax+00000318h]
0008:00006F31 8B 40 0C                 mov eax,[eax+0ch]
0008:00006F34 89 04 24                 mov [esp],eax
0008:00006F37 E8 8C CF FF FF           call loc_00003ec8h
0008:00006F3C C7 45 CC 01 00 00 00     mov [ebp-34h],00000001h
0008:00006F43 E9 1C 01 00 00           jmp loc_00007064h
0008:00006F48 C7 04 24 0A 00 00 00     mov [esp],0000000ah
0008:00006F4F E8 5F 9C FF FF           call loc_00000bb3h
0008:00006F54 81 7D 0C 80 00 00 00     cmp [ebp+0ch],00000080h
0008:00006F5B 75 56                    jnz loc_00006fb3h
0008:00006F5D 8B 45 08                 mov eax,[ebp+08h]
0008:00006F60 8B 00                    mov eax,[eax]
0008:00006F62 8B 88 20 02 00 00        mov ecx,[eax+00000220h]
0008:00006F68 8B 45 08                 mov eax,[ebp+08h]
0008:00006F6B 8B 80 18 03 00 00        mov eax,[eax+00000318h]
0008:00006F71 8B 50 08                 mov edx,[eax+08h]
0008:00006F74 C7 44 24 0C 00 00 00 00  mov [esp+0ch],00000000h
0008:00006F7C 8B 45 18                 mov eax,[ebp+18h]
0008:00006F7F 89 44 24 08              mov [esp+08h],eax
0008:00006F83 8B 45 1C                 mov eax,[ebp+1ch]
0008:00006F86 89 44 24 04              mov [esp+04h],eax
0008:00006F8A 89 14 24                 mov [esp],edx
0008:00006F8D FF D1                    call ecx
Kevin also reminded me that usbrom has a 1M heap which will overwrite SeaBIOS at 0xf0000. That may also be a problem. Any suggestion is welcome.
On Sun, Aug 23, 2009 at 04:03:40AM +0800, Jason Wang wrote:
Hi all, I am trying to debug why grub crashed (under usbrom) after loading certain blocks into memory. My new finding is that while usbrom is trying to load block lba=0x0019a9e0, it crashed. The flow is usb_new_read(0,0x0019a9e0,0x20,0xfffa2000); 0x20 is the count which should be read, and 0xfffa2000 is the virtual address of 0x70000. usb_new_read calls readwrite_blocks, then execute_command. After executing wrap_cbw in execute_command, it should call dev->controller->bulk, but this address is a wrong address. My debug information is below:
Where in memory is "dev->controller->bulk"? You may want to check if its contents were overwritten by something (eg, grub, linux, seabios, or a data block loaded by the usb rom).
-Kevin
On 8/22/09 11:45 PM, Kevin O'Connor wrote:
On Sun, Aug 23, 2009 at 04:03:40AM +0800, Jason Wang wrote:
Hi all, I am trying to debug why grub crashed (under usbrom) after loading certain blocks into memory. My new finding is that while usbrom is trying to load block lba=0x0019a9e0, it crashed. The flow is usb_new_read(0,0x0019a9e0,0x20,0xfffa2000); 0x20 is the count which should be read, and 0xfffa2000 is the virtual address of 0x70000. usb_new_read calls readwrite_blocks, then execute_command. After executing wrap_cbw in execute_command, it should call dev->controller->bulk, but this address is a wrong address. My debug information is below:
Where in memory is "dev->controller->bulk"? You may want to check if its contents were overwritten by something (eg, grub, linux, seabios, or a data block loaded by the usb rom).
Can / should usbrom use PMM for its heap and stack?
On Sun, Aug 23, 2009 at 12:09:41AM +0200, Stefan Reinauer wrote:
Can / should usbrom use PMM for its heap and stack?
The standard PMM interface is for temporary memory only - memory to be used only during the option rom initialization stage. The memory is not valid once the boot stage starts; it wouldn't be valid while a bootloader is running.
There is a PCIv3 extension to the PMM interface that allows one to request permanent memory (memory reserved in the e820 map). SeaBIOS does not implement this, but it would not be too hard to add. However, the amount of memory available via this call is limited - according to the spec 64K of high memory and 40K of low memory for all option roms in the system (google for "PCI Firmware Specification v3.0 (2005-06-20).pdf").
-Kevin
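To make the two PMM paths Kevin describes concrete, here is an added example (my own code, not from usbrom, SeaBIOS or coreboot) of what an option ROM has to do on its side: locate the "$PMM" structure by scanning paragraph boundaries and validating its checksum, then pack the argument block for pmmAllocate (function 0) and refuse up front a permanent request larger than the spec limits quoted above (40K low, 64K high). Assumptions to check against the PMM 1.01 and PCI Firmware 3.0 specs rather than this thread: the 16-byte structure layout (signature, revision, length, checksum, far entry point, reserved), the flag bits (bit 0 conventional, bit 1 extended, bit 3 permanent) and the anonymous handle 0xFFFFFFFF. The memory image, the table location and the entry point are constructed for the demo; the far call into the BIOS is not performed, since it only works from 16-bit code inside the ROM.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* "$PMM" structure an option ROM locates by scanning paragraph boundaries
 * between 0xE0000 and 0xFFFF0 (layout assumed from PMM 1.01, 16 bytes):
 *   0..3 "$PMM"  4 revision  5 length  6 checksum
 *   7..10 far entry point (offset, then segment)  11..15 reserved
 * All bytes of the structure sum to zero modulo 256. */
#define PMM_STRUCT_LEN 16

struct pmm_info {
    uint32_t phys_addr;   /* physical address of the structure */
    uint16_t entry_seg;   /* far entry point: segment */
    uint16_t entry_off;   /* far entry point: offset */
    uint8_t  revision;
};

static int pmm_checksum_ok(const uint8_t *p, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (uint8_t)(sum + p[i]);
    return sum == 0;
}

/* Scan `image` (a copy of physical memory starting at `base`) for a valid
 * PMM structure. A stray "$PMM" string with a bad checksum is skipped. */
int find_pmm(const uint8_t *image, size_t len, uint32_t base, struct pmm_info *out)
{
    for (size_t off = 0; off + PMM_STRUCT_LEN <= len; off += 16) {
        const uint8_t *p = image + off;
        if (memcmp(p, "$PMM", 4) != 0)
            continue;
        uint8_t slen = p[5];
        if (slen < PMM_STRUCT_LEN || off + slen > len || !pmm_checksum_ok(p, slen))
            continue;
        out->phys_addr = base + (uint32_t)off;
        out->revision  = p[4];
        out->entry_off = (uint16_t)(p[7] | (p[8] << 8));
        out->entry_seg = (uint16_t)(p[9] | (p[10] << 8));
        return 1;
    }
    return 0;
}

/* pmmAllocate (function 0) takes on the 16-bit stack: function (word),
 * length in paragraphs (dword), handle (dword), flags (word).
 * Flag bits as assumed here: bit 0 conventional, bit 1 extended,
 * bit 3 permanent (PCI Firmware Spec 3.0 extension). */
#define PMM_F_LOW        0x1
#define PMM_F_HIGH       0x2
#define PMM_F_PERMANENT  0x8
#define PMM_HANDLE_ANON  0xFFFFFFFFu

/* Spec limits quoted in the thread for permanent memory, shared by all ROMs. */
#define PMM_PERM_LOW_LIMIT   (40u * 1024)
#define PMM_PERM_HIGH_LIMIT  (64u * 1024)

/* Fill `args` (12 bytes, little-endian, as pushed for the far call) and
 * return the length in paragraphs, or -1 when the request can never be
 * honoured: no zone selected, or a permanent request above the spec cap. */
int32_t pmm_build_alloc(uint32_t bytes, uint32_t handle, uint16_t flags, uint8_t args[12])
{
    if (!(flags & (PMM_F_LOW | PMM_F_HIGH)) || bytes == 0 || bytes > 0xFFFFFFF0u)
        return -1;
    if (flags & PMM_F_PERMANENT) {
        uint32_t cap = 0;
        if (flags & PMM_F_LOW)  cap = PMM_PERM_LOW_LIMIT;
        if ((flags & PMM_F_HIGH) && PMM_PERM_HIGH_LIMIT > cap) cap = PMM_PERM_HIGH_LIMIT;
        if (bytes > cap)
            return -1;    /* e.g. a 1M heap: too big for any permanent zone */
    }
    uint32_t paras = (bytes + 15) / 16;
    args[0] = 0; args[1] = 0;                                   /* function 0 */
    for (int i = 0; i < 4; i++) args[2 + i] = (uint8_t)(paras >> (8 * i));
    for (int i = 0; i < 4; i++) args[6 + i] = (uint8_t)(handle >> (8 * i));
    args[10] = (uint8_t)flags; args[11] = (uint8_t)(flags >> 8);
    /* A real ROM would now far-call entry_seg:entry_off with these bytes
     * on the stack; that step cannot run outside 16-bit real mode. */
    return (int32_t)paras;
}

/* Constructed sample: a fake E0000..FFFFF region with a decoy and a real table. */
static void write_pmm_struct(uint8_t *dst, uint16_t seg, uint16_t off)
{
    memset(dst, 0, PMM_STRUCT_LEN);
    memcpy(dst, "$PMM", 4);
    dst[4] = 0x01; dst[5] = PMM_STRUCT_LEN;
    dst[7] = (uint8_t)off; dst[8] = (uint8_t)(off >> 8);
    dst[9] = (uint8_t)seg; dst[10] = (uint8_t)(seg >> 8);
    uint8_t sum = 0;
    for (int i = 0; i < PMM_STRUCT_LEN; i++) sum = (uint8_t)(sum + dst[i]);
    dst[6] = (uint8_t)(0x100 - sum);   /* make the whole structure sum to 0 */
}

int demo_find_pmm(struct pmm_info *out)
{
    static uint8_t image[0x20000];           /* constructed, not a real BIOS */
    memset(image, 0xFF, sizeof image);
    memcpy(image + 0x100, "$PMM", 4);        /* decoy string, checksum wrong */
    write_pmm_struct(image + 0x3500, 0xF000, 0xA1B0);
    return find_pmm(image, sizeof image, 0xE0000, out);
}
```

The point of the cap check is the one raised in the thread: a temporary request for 1M may well succeed, but that memory is gone once the boot stage starts, and a permanent request of that size cannot be satisfied within the spec's 40K/64K budget, so a ROM that needs a large heap to survive into the bootloader has to find it some other way.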
On 23.08.2009 02:16, Kevin O'Connor wrote:
On Sun, Aug 23, 2009 at 12:09:41AM +0200, Stefan Reinauer wrote:
Can / should usbrom use PMM for its heap and stack?
The standard PMM interface is for temporary memory only - memory to be used only during the option rom initialization stage. The memory is not valid once the boot stage starts; it wouldn't be valid while a bootloader is running.
There is a PCIv3 extension to the PMM interface that allows one to request permanent memory (memory reserved in the e820 map). SeaBIOS does not implement this, but it would not be too hard to add.
Can't we simply have coreboot reserve some memory at a hardcoded address for now? It's a quick hack and may even work. No idea about how SeaBIOS finds out about coreboot reserved memory and creates e820, though.
Sorry if this is totally unrealistic.
Regards, Carl-Daniel
On Sat, Aug 22, 2009 at 08:16:28PM -0400, Kevin O'Connor wrote:
There is a PCIv3 extension to the PMM interface that allows one to request permanent memory (memory reserved in the e820 map). SeaBIOS does not implement this, but it would not be too hard to add.
FYI - I just committed a patch to SeaBIOS git to support permanent PMM requests of high memory. I'm not sure if it will be helpful or not. Also, I don't have an easy way to test it, but I think it is correct.
http://git.linuxtogo.org/?p=kevin/seabios.git;a=commitdiff;h=0e9fd6155384da9...
-Kevin
On Sun, Aug 23, 2009 at 5:45 AM, Kevin O'Connor kevin@koconnor.net wrote:
On Sun, Aug 23, 2009 at 04:03:40AM +0800, Jason Wang wrote:
Hi all, I am trying to debug why grub crashed (under usbrom) after loading certain blocks into memory. My new finding is that while usbrom is trying to load block lba=0x0019a9e0, it crashed. The flow is usb_new_read(0,0x0019a9e0,0x20,0xfffa2000); 0x20 is the count which should be read, and 0xfffa2000 is the virtual address of 0x70000. usb_new_read calls readwrite_blocks, then execute_command. After executing wrap_cbw in execute_command, it should call dev->controller->bulk, but this address is a wrong address. My debug information is below:
Where in memory is "dev->controller->bulk"? You may want to check if its contents were overwritten by something (eg, grub, linux, seabios, or a data block loaded by the usb rom).
dev->controller->bulk is in memory at 5d2d, but the pointer which points to dev->controller is 6EF30, whose physical address is 6EF30+CE000 > 0x100000, which is why the grub kernel can load some blocks to 0x100000 but crashed later. grub overwrites the space which usbrom uses. So the problem is confirmed to be with memory. Kevin, how can I use PMM from SeaBIOS in usbrom? It should be about 1M of memory that needs to be used. Can PMM support something so large, or just 40K of low memory / 64K of high memory?
-Kevin