All of lore.kernel.org
 help / color / mirror / Atom feed
From: Laszlo Ersek <lersek@redhat.com>
To: Bug 1180970 <1180970@bugs.launchpad.net>
Cc: Duane Voth <duanev@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug 1180970] [NEW] qemu: fatal: Trying to execute code outside RAM	or ROM; worked in 1.4.0, fails in 1.4.92
Date: Thu, 16 May 2013 23:46:12 +0200	[thread overview]
Message-ID: <519553A4.9030900@redhat.com> (raw)
In-Reply-To: <20130516195843.983.69688.malonedeb@soybean.canonical.com>

On 05/16/13 21:58, Duane Voth wrote:> Public bug reported:
>
> I'm using qemu to run and debug the EDK2 uEFI environment. OVMF is
> being built out of the EDK2 tree I've checked out (r14367).
> (Reproducing all this could be tedious so I am available for
> debugging/testing.)
>
> qemu 1.4.0 was able to execute this guest environment with no trouble,
> qemu 1.4.92 however issues an error message and aborts.  The command
> line I use to start qemu is:
>
> $ /usr/local/bin/qemu-system-x86_64 -m 1024 -bios OVMF.fd -monitor stdio
>
> 1.4.92 gives the following register dump:
>
> QEMU 1.4.92 monitor - type 'help' for more information
> (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000100000000
>
> RAX=000000003e084da8 RBX=000000003e084868 RCX=0000000000000000 RDX=000000003e084f00
> RSI=0000000000000001 RDI=000000003e085000 RBP=000000003e084708 RSP=000000003fac8510
> R8 =0000000000000000 R9 =000000003e14c3e3 R10=0000000000000033 R11=00000000000000d3
> R12=000000003e0848a0 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
> RIP=00000000ffffffe4 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> CS =0028 0000000000000000 ffffffff 00af9b00 DPL=0 CS64 [-RA]
> SS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> DS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> FS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> GS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
> LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
> TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
> GDT=     000000003fa50e98 0000003f
> IDT=     000000003f9d6e20 00000fff
> CR0=80000033 CR2=0000000000000000 CR3=000000003fa67000 CR4=00000668
> ...
>
>
> Questions:
> 1) Is this problem relevant?  (is full backward compatability to be
> supported?)
> 2) Are there new guest execution controls in 1.4.9x that might cause
> this?
> 3) If #2, can they be disabled by a qemu command line switch?
> 4) If not #2, in what qemu source file specifically can I find the
> logic causing the abort? (help me help you :)
> 5) If guest memory is corrupted or improperly mapped, how can I keep
> qemu alive to examime/dump guest memory?

I reckon you don't see this with KVM enabled. (Because I don't see it
with KVM enabled, with my own OVMF builds anyway :), plus the "Trying to
execute code outside RAM or ROM" message comes from code that strikes me
as part of TCG.)

It surprises me that RIP=00000000ffffffe4 whereas get_page_addr_code()
[cputlb.c] logs "at 0x0000000100000000".

The RIP seems to be in OVMF init code.

0x0000000100000000 is 4G exactly and looks suspicious.

Can you try bisecting TCG between 1.4.0 and current master?

git log --oneline --reverse v1.4.0.. -- tcg \
| egrep -v 'tcg[-/](arm|ppc|sparc|s390|mips)'

  0b0d332 TCG: Final globals clean-up
  5e5f07e TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx
  24537a0 qemu-log: Rename the public-facing cpu_set_log function to qemu_set_log
  e6a7273 tcg: Make 32-bit multiword operations optional for 64-bit hosts
  bbc863b tcg-i386: Always implement 32-bit multiword ops
  d7156f7 tcg: Add 64-bit multiword arithmetic operations
  4d3203f tcg: Add signed multiword multiplication operations
  3c51a98 tcg: Implement a 64-bit to 32-bit extraction helper
  696a8be tcg: Implement multiword multiply helpers
  f6953a7 tcg: Implement multiword addition helpers
  624988a tcg-i386: Implement multiword arithmetic ops
  f402f38 tcg: Implement muls2 with mulu2
  f1fae40 tcg: Apply life analysis to 64-bit multiword arithmetic ops
  989b697 qemu-log: default to stderr for logging output
  0980011 tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
  378df4b Handle CPU interrupts by inline checking of a flag
  294e466 Use proper term in TCG README
  2d49754 tcg-optimize: Fold sub r,0,x to neg r,x
  03fc054 tci: Use 32-bit signed offsets to loads/stores
  4699ca6 tci: Delete unused tb_ret_addr
  ee79c35 tci: Make tcg temporaries local to tcg_qemu_tb_exec
  0a9c234 Merge branch 'tci' of git://qemu.weilnetz.de/qemu
  ed60512 tcg: fix deposit_i64 op on 32-bit targets
  d6b64b2 tcg: Log the contents of the prologue with -d out_asm
  66e61b5 tcg/optimize: fix setcond2 optimization

Anyway I'm just throwing around words and waving my hand, hoping that
someone with actual insight will chime in.

Laszlo

  parent reply	other threads:[~2013-05-16 21:44 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-05-16 19:58 [Qemu-devel] [Bug 1180970] [NEW] qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0, fails in 1.4.92 Duane Voth
2013-05-16 20:01 ` [Qemu-devel] [Bug 1180970] " Duane Voth
2013-05-16 21:46 ` Laszlo Ersek [this message]
2013-05-16 22:32   ` [Qemu-devel] [Bug 1180970] [NEW] " Duane Voth
2013-05-16 22:44     ` Laszlo Ersek
2013-05-17 10:20   ` Paolo Bonzini
2013-05-17 15:35 ` [Qemu-devel] [Bug 1180970] " Launchpad Bug Tracker
2013-05-17 15:39 ` Marco Trevisan (Treviño)
2013-05-17 20:03   ` Duane Voth
2013-05-21 18:16     ` Duane Voth
2013-05-24 21:37 ` Laszlo Ersek
2013-05-24 21:49 ` Laszlo Ersek
2013-05-29 19:05 ` Duane Voth
2016-09-28 14:28 ` T. Huth
2016-09-28 14:59   ` Duane Voth

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=519553A4.9030900@redhat.com \
    --to=lersek@redhat.com \
    --cc=1180970@bugs.launchpad.net \
    --cc=duanev@gmail.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.