Re: [edk2] Crash in qemu + OVMF after a call to DEBUG()

Tue, 13 May 2014 07:59:09 -0700 

2014-05-13 16:24 GMT+02:00 Laszlo Ersek <ler...@redhat.com>:
> On 05/13/14 15:50, Ludovic Rousseau wrote:
>> Hello,
>>
>> I hope this is the correct mailing list for my request. If not sorry.
>>
>> I use OVMF-X64-r15214 with qemu version 1.1.2 (Debian
>> 1.1.2+dfsg-6a+deb7u2). It works great for my first tests.
>>
>> I now want to use the DEBUG() call to have some debug traces.
>> My program is very simple. I use gnu-efi to build it.
>>
>> #include <efi.h>
>> #include <efilib.h>
>>
>> EFI_STATUS
>> EFIAPI
>> efi_main (EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable)
>> {
>>     InitializeLib(ImageHandle, SystemTable);
>>
>>     Print(L"a\n");
>>     DEBUG(( D_INFO, (CHAR8 *)"D_INFO\r\n"));
>>     Print(L"b\n");
>>     DEBUG(( D_ERROR, (CHAR8 *)"D_ERROR\r\n"));
>>     Print(L"c\n");
>>
>>     return EFI_SUCCESS;
>> }
>>
>> I start qemu using:
>> qemu-system-x86_64 -bios OVMF-X64-r15214/OVMF.fd \
>>     -boot c -m 128 -hda 'disk.img' \
>>     -serial file:serial.log
>>
>> In the qemu graphical window I see 2 lines:
>> a
>> b
>>
>> In the serial.log file I have:
>> [...]
>> Shell> fs0:
>> FS0:\> usb1
>> a
>> b
>> D_ERROR
>>
>> The first call to DEBUG() with D_INFO is not displayed. I guess it is
>> because of the lines in /usr/include/efi/efidebug.h
>> //
>> // Current Debug level of the system, value of EFIDebug
>> //
>> //#define EFI_DBUG_MASK   (D_ERROR | D_WARN | D_LOAD | D_BLKIO | D_INIT)
>> #define EFI_DBUG_MASK   (D_ERROR)
>>
>>
>> The problem is that right after the "D_ERROR" is logged I get a crash
>> of the virtual machine with:
>> qemu: fatal: Trying to execute code outside RAM or ROM at 0x00000000000b0000
>>
>> RAX=0000000000000000 RBX=0000000080000000 RCX=0000000000000000
>> RDX=0000000000000018
>> RSI=0000000000000005 RDI=0000000007dd0c30 RBP=0000000007f94560
>> RSP=0000000007f94518
>> R8 =0000000000000000 R9 =0000000007f93f5c R10=00000000000003f8
>> R11=0000000000000040
>> R12=0000000000000005 R13=0000000000000000 R14=0000000000000000
>> R15=0000000000000000
>> RIP=00000000000affae RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
>> ES =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>> CS =0028 0000000000000000 ffffffff 00af9b00 DPL=0 CS64 [-RA]
>> SS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>> DS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>> FS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>> GS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>> LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
>> TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
>> GDT=     0000000007f1ed98 0000003f
>> IDT=     000000000747f018 00000fff
>> CR0=80000033 CR2=0000000000000000 CR3=0000000007f33000 CR4=00000668
>> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
>> DR3=0000000000000000
>> DR6=00000000ffff0ff0 DR7=0000000000000400
>> CCS=0000000000000000 CCD=0000000000000000 CCO=ADDB
>> EFER=0000000000000500
>> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
>> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
>> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
>> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
>> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
>> XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
>> XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
>> XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
>> XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
>> XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
>> XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
>> XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
>> XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
>>
>> I also tried to start qemu using "-debugcon file:debug.log -global
>> isa-debugcon.iobase=0x402" as indicated in [1] but I get the same
>> crash and not log or debug at all.
>>
>>
>> Is it a bug in OVMF-X64-r15214 or in qemu version 1.1.2?
>> Do I need to initialize something before I can call DEBUG()?
>>
>> Thanks
>>
>> [1] https://github.com/tianocore/edk2-OvmfPkg
>>
>
> This looks to me like a gnu-efi bug.
>
> (See
> - http://thread.gmane.org/gmane.comp.bios.tianocore.devel/3669
> - http://thread.gmane.org/gmane.comp.bios.tianocore.devel/6639/focus=6665
> for background.)
>
> Namely, gnu-efi's va_start() implementation, from "inc/efistdarg.h":
>
> #define va_start(ap,v)  ( ap = (va_list)&v + _INTSIZEOF(v) )
>
> only works if the function using va_start() has been called with the
> EFIAPI calling convention. What you have here is:
>
> DEBUG() [inc/efidebug.h]
>   DbgPrint() [lib/print.c]
>     va_start() [inc/efistdarg.h]
>
> The prototype of DbgPrint() is incorrect, at the end of
> "inc/efidebug.h". Consequently, when your program calls DbgPrint() via
> the DEBUG() macro, it fails to set up the stack correctly (it does not
> pass the arguments through the ellipsis (...) according to the EFIAPI
> calling convention). However, va_start() inside DbgPrint() *assumes*
> that stack.
>
> Please rebuild your gnu-efi installation with the attached patch, and
> retest your app.

I still get a crash but with a different message in serial.log
FS0:\> debug1
a
b
!!!! X64 Exception Type - 000000000000000D     CPU Apic ID - 00000000 !!!!
RIP  - 0000000007DCE98B, CS  - 0000000000000028, RFLAGS - 0000000000000282
ExceptionData - 0000000000000000
RAX  - C9F0458B48685089, RCX - C9F0458B48685089, RDX - 0000000000000000
RBX  - 0000000080000000, RSP - 0000000007F94520, RBP - 0000000007F94560
RSI  - 000000000000000E, RDI - 0000000007DD0C30
R8   - 0000000000000000, R9  - 0000000007F93F07, R10 - 0000000006D86DBA
R11  - 0000000000000040, R12 - 0000000000000000, R13 - 0000000000000000
R14  - 0000000000000000, R15 - 0000000000000000
DS   - 0000000000000008, ES  - 0000000000000008, FS  - 0000000000000008
GS   - 0000000000000008, SS  - 0000000000000008
CR0  - 0000000080000033, CR2 - 0000000000000000, CR3 - 0000000007F33000
CR4  - 0000000000000668, CR8 - 0000000000000000
DR0  - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000
DR3  - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400
GDTR - 0000000007F1ED98 000000000000003F, LDTR - 0000000000000000
IDTR - 000000000747F018 0000000000000FFF,   TR - 0000000000000000
FXSAVE_STATE - 0000000007F94180
!!!! Find PE image
/home/jljusten/tmp/edk2/Build/OvmfX64/RELEASE_GCC47/X64/MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe/DEBUG/ConSplitterDxe.dll
(ImageBase=0000000007DC9000, EntryPoint=0000000007DC92AF) !!!!

I do not see the "D_ERROR" log message any more. The crash now occurs
_before_ the debug message is displayed.

Another suggestion?

Thanks

-- 
 Dr. Ludovic Rousseau

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel

Reply via email to