From: Laszlo Ersek <lersek@redhat.com>
To: Bug 1180970 <1180970@bugs.launchpad.net>
Cc: Duane Voth <duanev@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug 1180970] [NEW] qemu: fatal: Trying to execute code outside RAM or ROM; worked in 1.4.0, fails in 1.4.92
Date: Thu, 16 May 2013 23:46:12 +0200
Message-ID: <519553A4.9030900@redhat.com>
In-Reply-To: <20130516195843.983.69688.malonedeb@soybean.canonical.com>
On 05/16/13 21:58, Duane Voth wrote:
> Public bug reported:
>
> I'm using qemu to run and debug the EDK2 uEFI environment. OVMF is
> being built out of the EDK2 tree I've checked out (r14367).
> (Reproducing all this could be tedious so I am available for
> debugging/testing.)
>
> qemu 1.4.0 was able to execute this guest environment with no trouble,
> qemu 1.4.92 however issues an error message and aborts. The command
> line I use to start qemu is:
>
> $ /usr/local/bin/qemu-system-x86_64 -m 1024 -bios OVMF.fd -monitor stdio
>
> 1.4.92 gives the following register dump:
>
> QEMU 1.4.92 monitor - type 'help' for more information
> (qemu) qemu: fatal: Trying to execute code outside RAM or ROM at 0x0000000100000000
>
> RAX=000000003e084da8 RBX=000000003e084868 RCX=0000000000000000 RDX=000000003e084f00
> RSI=0000000000000001 RDI=000000003e085000 RBP=000000003e084708 RSP=000000003fac8510
> R8 =0000000000000000 R9 =000000003e14c3e3 R10=0000000000000033 R11=00000000000000d3
> R12=000000003e0848a0 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
> RIP=00000000ffffffe4 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
> CS =0028 0000000000000000 ffffffff 00af9b00 DPL=0 CS64 [-RA]
> SS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
> DS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
> FS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
> GS =0008 0000000000000000 ffffffff 00cf9300 DPL=0 DS [-WA]
> LDT=0000 0000000000000000 0000ffff 00008200 DPL=0 LDT
> TR =0000 0000000000000000 0000ffff 00008b00 DPL=0 TSS64-busy
> GDT= 000000003fa50e98 0000003f
> IDT= 000000003f9d6e20 00000fff
> CR0=80000033 CR2=0000000000000000 CR3=000000003fa67000 CR4=00000668
> ...
>
>
> Questions:
> 1) Is this problem relevant? (is full backward compatibility to be
> supported?)
> 2) Are there new guest execution controls in 1.4.9x that might cause
> this?
> 3) If #2, can they be disabled by a qemu command line switch?
> 4) If not #2, in what qemu source file specifically can I find the
> logic causing the abort? (help me help you :)
> 5) If guest memory is corrupted or improperly mapped, how can I keep
> qemu alive to examine/dump guest memory?
I reckon you don't see this with KVM enabled. (Because I don't see it
with KVM enabled, with my own OVMF builds anyway :), plus the "Trying to
execute code outside RAM or ROM" message comes from code that strikes me
as part of TCG.)
It surprises me that RIP=00000000ffffffe4 whereas get_page_addr_code()
[cputlb.c] logs "at 0x0000000100000000".
The RIP seems to be in OVMF init code.
0x0000000100000000 is 4G exactly and looks suspicious.
Can you try bisecting TCG between 1.4.0 and current master?
git log --oneline --reverse v1.4.0.. -- tcg \
| egrep -v 'tcg[-/](arm|ppc|sparc|s390|mips)'
0b0d332 TCG: Final globals clean-up
5e5f07e TCG: Move translation block variables to new context inside tcg_ctx: tb_ctx
24537a0 qemu-log: Rename the public-facing cpu_set_log function to qemu_set_log
e6a7273 tcg: Make 32-bit multiword operations optional for 64-bit hosts
bbc863b tcg-i386: Always implement 32-bit multiword ops
d7156f7 tcg: Add 64-bit multiword arithmetic operations
4d3203f tcg: Add signed multiword multiplication operations
3c51a98 tcg: Implement a 64-bit to 32-bit extraction helper
696a8be tcg: Implement multiword multiply helpers
f6953a7 tcg: Implement multiword addition helpers
624988a tcg-i386: Implement multiword arithmetic ops
f402f38 tcg: Implement muls2 with mulu2
f1fae40 tcg: Apply life analysis to 64-bit multiword arithmetic ops
989b697 qemu-log: default to stderr for logging output
0980011 tcg: Document tcg_qemu_tb_exec() and provide constants for low bit uses
378df4b Handle CPU interrupts by inline checking of a flag
294e466 Use proper term in TCG README
2d49754 tcg-optimize: Fold sub r,0,x to neg r,x
03fc054 tci: Use 32-bit signed offsets to loads/stores
4699ca6 tci: Delete unused tb_ret_addr
ee79c35 tci: Make tcg temporaries local to tcg_qemu_tb_exec
0a9c234 Merge branch 'tci' of git://qemu.weilnetz.de/qemu
ed60512 tcg: fix deposit_i64 op on 32-bit targets
d6b64b2 tcg: Log the contents of the prologue with -d out_asm
66e61b5 tcg/optimize: fix setcond2 optimization
Anyway I'm just throwing around words and waving my hand, hoping that
someone with actual insight will chime in.
Laszlo
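An added example, not part of the thread, of how the bisection Laszlo proposes can be automated with "git bisect run": the script rebuilds each candidate revision, boots OVMF under TCG (no KVM) with the reporter's command line, and maps the outcome to the exit codes git bisect expects. The OVMF.fd path is a placeholder; the configure/make invocation and the 60 second run budget are assumptions.

```shell
#!/bin/sh
# Bisect helper for the "Trying to execute code outside RAM or ROM" abort.
# Run from a QEMU checkout as:
#   git bisect start master v1.4.0 -- tcg && git bisect run ./bisect_step.sh
# (the pathspec restricts candidates to tcg/, roughly Laszlo's git-log filter)
OVMF=${OVMF:-/path/to/OVMF.fd}   # placeholder: point at the OVMF build under test
FATAL='Trying to execute code outside RAM or ROM'

# Map one captured run to git-bisect exit codes:
#   0   good: the guest ran for the whole budget without the fatal abort
#   1   bad:  the TCG fatal message appeared in qemu's output
#   125 skip: this revision did not build, so it cannot be tested
classify_run() {   # $1 = file with qemu's stdout+stderr, $2 = build exit status
    if [ "$2" -ne 0 ]; then
        return 125
    fi
    if grep -q "$FATAL" "$1"; then
        return 1
    fi
    return 0
}

# Build the checked-out revision and boot OVMF under TCG, non-interactively.
bisect_step() {
    log=$(mktemp)
    (./configure --target-list=x86_64-softmmu >/dev/null 2>&1 &&
        make -j"$(nproc)" >/dev/null 2>&1)
    build=$?
    if [ "$build" -eq 0 ]; then
        # -monitor none / -display none replace the reporter's -monitor stdio so
        # the run needs no terminal; cpu_abort's message goes to stderr.
        timeout 60 ./x86_64-softmmu/qemu-system-x86_64 -m 1024 -bios "$OVMF" \
            -display none -monitor none -serial none >"$log" 2>&1
    fi
    classify_run "$log" "$build"
    rc=$?
    rm -f "$log"
    return $rc
}

# Only act as a bisect step when invoked directly by git bisect run.
case "$0" in */bisect_step.sh|bisect_step.sh) bisect_step ;; esac
```

A run that hits the abort exits 1 (bad), a clean 60 second boot exits 0 (good), and a build failure exits 125 so git bisect skips that commit instead of misclassifying it.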