[SeaBIOS] SeaBIOS not fully working when compiled on FreeBSD

Roger Pau Monné roger.pau at citrix.com
Mon Apr 20 16:28:03 CEST 2015


Hello,

On 16/04/15 at 19:51, Kevin O'Connor wrote:
> On Thu, Apr 16, 2015 at 06:37:29PM +0200, Roger Pau Monné wrote:
>> On 16/04/15 at 17:52, Kevin O'Connor wrote:
>>> Seems like the same problem.  You won't be able to set a gdb breakpoint
>>> for the freebsd call because freebsd isn't calling the bios - it's
>>> attempting to interpret the bios code.
>>>
>>> Does the seabios patch below fix the problem for you?
>>
>> Seems to kind of fix it, but it's hard to tell.
>>
>> Most of the time the original SeaBIOS binary works without problems.
>> Sometimes the int 0x15 call with ah=0xc0 returns what seem to be valid
>> values in ah and flg, but the values in es and bx are corrupted, so when
>> freebsd tries to access this region (es << 4 + bx) it gets a page fault.
>>
>> This is what I see now with the patch applied:
>>
>> atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
>> atkbd0: <AT Keyboard> irq 1 on atkbdc0
>> Calling INT 0x15 (ax=0xc000 bx=0x0000 cx=0x0000 dx=0x0000 es=0x0000 di=0x0000)
>> Exiting INT 0x15 (ax=0xf9c0 bx=0xf9c0 cx=0xf99e dx=0xdf80 es=0x0000 di=0x0000)
>> kbd0 at atkbd0
>> atkbd0: [GIANT-LOCKED]
> 
> Ah, looks like the freebsd code isn't even checking if x86emu exited
> abnormally.

Yes, this is something that can be solved without much work AFAICT, so
that we know if the emulator exited correctly or not. However, this is
only a side-effect of what's actually happening.

> To summarize, this looks to be the same problem that I investigated
> two years ago:
> 
>   http://lists.nongnu.org/archive/html/qemu-devel/2013-03/msg01311.html
> 
> Basically, freebsd is attempting to interpret the x86 bios code, but
> it is using an incomplete interpreter that misinterprets some x86
> instructions.  That broken interpreter could cause page faults, loop
> forever, or return bogus values.

I've added a little bit more debug to the FreeBSD kernel and x86emu in
order to see what's going on. It seems like SeaBIOS contains VERR/VERW
instructions (or x86emu in FreeBSD thinks so, but maybe this is just
the fail over of some badly emulated instructions), which x86emu
doesn't know how to handle; can this be the case?

I've added an instruction trace to know what's going on, here is the
output:

atkbd0: <AT Keyboard> irq 1 on atkbdc0
Calling INT 0x15 (ax=0xc000 bx=0x0000 cx=0x0000 dx=0x0000 es=0x0000 di=0x0000)
Exec one byte: 0x80
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x66
Exec one byte: 0x68
Exec one byte: 0xe9
Exec one byte: 0xfa
Exec one byte: 0xfc
Exec one byte: 0x1e
Exec one byte: 0x66
Exec one byte: 0x50
Exec one byte: 0x66
Exec one byte: 0xb8
Exec one byte: 0x8e
Exec one byte: 0x66
Exec one byte: 0xa1
Exec one byte: 0x66
Exec one byte: 0x83
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8f
Exec one byte: 0x67
Exec one byte: 0x8f
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x8c
Exec one byte: 0x66
Exec one byte: 0x59
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x8c
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8f
Exec one byte: 0x67
Exec one byte: 0x8f
Exec one byte: 0x8c
Exec one byte: 0x8e
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x66
Exec one byte: 0xff
Exec one byte: 0x66
Exec one byte: 0x55
Exec one byte: 0x66
Exec one byte: 0x57
Exec one byte: 0x66
Exec one byte: 0x56
Exec one byte: 0x66
Exec one byte: 0x53
Exec one byte: 0x66
Exec one byte: 0x83
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x66
Exec one byte: 0xba
Exec one byte: 0x66
Exec one byte: 0xe8
Exec one byte: 0x66
Exec one byte: 0x83
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0xc7
Exec one byte: 0x66
Exec one byte: 0xe8
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8b
Exec one byte: 0x66
Exec one byte: 0xe8
Exec one byte: 0x66
Exec one byte: 0x55
Exec one byte: 0x66
Exec one byte: 0x57
Exec one byte: 0x66
Exec one byte: 0x56
Exec one byte: 0x66
Exec one byte: 0x53
Exec one byte: 0x66
Exec one byte: 0x51
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0x67
Exec one byte: 0xc6
x86emuOp_mov_byte_RM_IMM: CS 0xf000 IP 0xf896
x86emuOp_mov_byte_RM_IMM: mod 0x1 rl 0x4 rh 0x0
Exec one byte: 0x66
Exec one byte: 0x31
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x67
Exec one byte: 0x88
Exec one byte: 0x88
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x3c
Exec one byte: 0x77
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x66
Exec one byte: 0x31
Exec one byte: 0x80
Exec one byte: 0x75
Exec one byte: 0x80
Exec one byte: 0x74
Exec one byte: 0x7f
Exec one byte: 0x80
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8b
Exec one byte: 0x66
Exec one byte: 0xe8
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x41
Exec one byte: 0xeb
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0x74
Exec one byte: 0x66
Exec one byte: 0xc3
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0xeb
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x3c
Exec one byte: 0x74
Exec one byte: 0x2e
Exec one byte: 0x8b
Exec one byte: 0xe9
Exec one byte: 0xee
Exec one byte: 0x66
Exec one byte: 0x89
Exec one byte: 0x67
Exec one byte: 0x66
Exec one byte: 0x8d
Exec one byte: 0xe9
Exec one byte: 0x2e
Exec one byte: 0x67
Exec one byte: 0x8a
Exec one byte: 0x84
Exec one byte: 0xf
Exec two byte: 0x84
Exec one byte: 0x66
Exec one byte: 0x58
Exec one byte: 0x66
Exec one byte: 0x5b
Exec one byte: 0x66
Exec one byte: 0x5e
Exec one byte: 0x66
Exec one byte: 0x5f
Exec one byte: 0x66
Exec one byte: 0x5d
Exec one byte: 0x66
Exec one byte: 0xc3
Exec one byte: 0xf0
Exec one byte: 0xee
Exec one byte: 0xb0
Exec one byte: 0xee
Exec one byte: 0x8d
Exec one byte: 0x14
Exec one byte: 0xda
Exec one byte: 0xf
Exec two byte: 0x0
Unknown 2byte op 0x0
Halting system: /usr/src/sys/contrib/x86emu/x86emu.c:5959
System halted!
Exiting INT 0x15 (ax=0x00a9 bx=0x2073 cx=0x0024 dx=0x00e9 es=0x0000 di=0x0000)

Roger.
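
The thread above makes two points a caller of an x86 interpreter has to act on: Kevin notes that the FreeBSD side does not check whether x86emu exited abnormally, and Roger's earlier mail describes page faults when the corrupted es:bx pair is dereferenced. The following is an added example, not FreeBSD, x86emu or SeaBIOS code, showing the order of checks a caller of INT 0x15 AH=0xC0 should apply before touching the memory the BIOS claims to have returned. The `struct emu_result` snapshot, `check_int15_c0`, the "table lives inside the F0000h-FFFFFh ROM window" rule and the address F000:E6F5 used as the well-formed sample are assumptions; the other register values are taken from the traces in the mail.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not FreeBSD, x86emu or SeaBIOS code): the checks a
 * caller should run on the INT 0x15 AH=0xC0 result before touching the
 * memory the BIOS claims to have returned in ES:BX. Structure and
 * function names are hypothetical.
 */

/* Real-mode BIOS ROM window, inclusive. Assumption: the system
 * configuration table returned by INT 15h/C0h is part of the BIOS
 * image, so ES:BX is expected to land inside this window. */
#define BIOS_ROM_START 0xF0000u
#define BIOS_ROM_END   0xFFFFFu

/* Assumed minimum size: the 16-bit length word that heads the table. */
#define CONFIG_TABLE_MIN_BYTES 2u

#define FLAG_CF 0x0001u  /* carry flag: the BIOS convention for "call failed" */

/* Hypothetical snapshot of the interpreter state after the call. */
struct emu_result {
    bool     halted;  /* interpreter stopped on an unsupported opcode */
    uint16_t ax;
    uint16_t bx;
    uint16_t es;
    uint16_t flags;
};

enum int15_status {
    INT15_OK = 0,
    INT15_EMU_ABORTED,  /* emulator exited abnormally: registers are garbage */
    INT15_BIOS_ERROR,   /* BIOS reported failure: CF set or AH != 0 */
    INT15_BAD_POINTER   /* ES:BX does not point into the BIOS ROM window */
};

/* Real-mode segment:offset to a 20-bit linear address. */
static uint32_t real_mode_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/*
 * Validate the result. On INT15_OK, *table_addr receives the linear
 * address of the configuration table; on any other status it is left
 * untouched and the caller must not dereference ES:BX.
 */
enum int15_status check_int15_c0(const struct emu_result *r, uint32_t *table_addr)
{
    /* Order matters: an aborted emulation leaves AX/ES/BX meaningless,
     * so that check comes before any look at the register values. */
    if (r->halted)
        return INT15_EMU_ABORTED;
    if ((r->flags & FLAG_CF) || (r->ax >> 8) != 0)
        return INT15_BIOS_ERROR;

    uint32_t lin = real_mode_linear(r->es, r->bx);
    if (lin < BIOS_ROM_START || lin + CONFIG_TABLE_MIN_BYTES - 1 > BIOS_ROM_END)
        return INT15_BAD_POINTER;

    *table_addr = lin;
    return INT15_OK;
}

int main(void)
{
    /* Register values taken from the traces in the mail, plus one
     * constructed well-formed result (F000:E6F5 is a constructed address). */
    const struct emu_result samples[] = {
        { .halted = true,  .ax = 0x00a9, .bx = 0x2073, .es = 0x0000, .flags = 0 },
        { .halted = false, .ax = 0xf9c0, .bx = 0xf9c0, .es = 0x0000, .flags = 0 },
        { .halted = false, .ax = 0x0000, .bx = 0x2073, .es = 0x0000, .flags = 0 },
        { .halted = false, .ax = 0x0000, .bx = 0xe6f5, .es = 0xf000, .flags = 0 },
    };
    static const char *names[] = { "ok", "emulator aborted", "bios error", "bad pointer" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t addr = 0;
        enum int15_status st = check_int15_c0(&samples[i], &addr);
        printf("ax=%04x es=%04x bx=%04x -> %s",
               samples[i].ax, samples[i].es, samples[i].bx, names[st]);
        if (st == INT15_OK)
            printf(" (table at 0x%05x)", addr);
        printf("\n");
    }
    return 0;
}
```

The two results quoted in the mail both fail here before any memory is touched: the halted trace is rejected on the emulator status alone, and the `ax=0xf9c0` result is rejected because AH is non-zero, which is exactly the "valid-looking" return that led to the page fault on `es << 4 + bx`. Only a result that passes all three gates yields an address the caller may read.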



