Date: Fri, 2 Jun 2017 06:15:29 -0700 From: Mark Millard <markmi@dsl-only.net> To: Justin Hibbits <jhibbits@FreeBSD.org>, Nathan Whitehorn <nwhitehorn@freebsd.org>, FreeBSD PowerPC ML <freebsd-ppc@freebsd.org>, freebsd-hackers@freebsd.org Subject: On a old PowerMac G5: two 32-bit powerpc FreeBSD vmcore's from having protected most wired kernel memory from execution: what is common Message-ID: <D56D7968-13F4-4917-86EF-38C252B5D0B3@dsl-only.net>
next in thread | raw e-mail | index | archive | help
Based on the changed page protections. . .
Instead of illegal instruction the periodic/random kernel panic
reported for both example panics:
fatal kernel trap:
exception =3D 0x400 instruction storage interrupt
virtual address =3D 0x90a0f0
srr0 =3D 0x90a0f0
srr1 =3D 0x10001032
lr =3D 0x535ad0
(sched_affinity+0x18 ???)
curthread =3D 0x147d360
pid =3D 11, comm =3D idle: cpu1
[ thread pid 11 tid 100003 ]
Stopped at etext+0xb8fc: illegal instruction 0
(So it looks like I disabled execute in that
area correctly.)
Most levels of the backtraces are different
between vmcore.5 and vmcore.6 . But the
lowest level ones are the same.
In particular the prior bl is to tdq_add
from sched_add but the 0x90a0f0 it jumps
to when getting the 0x400 exception is
wildly different than the 0x5356ec for the
bl to tdq_add.
For reference: sched_affinity through
sched_affinity+0x18 is:
00535ab8 <sched_affinity> stwu r1,-32(r1)
00535abc <sched_affinity+0x4> mflr r0
00535ac0 <sched_affinity+0x8> stw r29,20(r1)
00535ac4 <sched_affinity+0xc> stw r30,24(r1)
00535ac8 <sched_affinity+0x10> stw r31,28(r1)
00535acc <sched_affinity+0x14> stw r0,36(r1)
00535ad0 <sched_affinity+0x18> mr r31,r1
So 00535ad0 is an odd spot for a lr value.
backtrace summary for vmcore.5:
(Listing the LR values, not 4 back from that.)
trapexit+0x0 (after trapagain+0x4) for 0x400 trap
0x90a0f0 from .hash section (bad address)
sched_add+0x1a0
005359c4 <sched_add+0x188> bl 004cde6c <thread_lock_unblock>
005359c8 <sched_add+0x18c> bl 008ea4e0 <spinlock_exit>
005359cc <sched_add+0x190> mr r3,r28
005359d0 <sched_add+0x194> mr r4,r27
005359d4 <sched_add+0x198> mr r5,r25
005359d8 <sched_add+0x19c> bl 005356ec <tdq_add>
005359dc <sched_add+0x1a0> mfsprg r9,0
(from here until cpu_idle_60x+0x88 is not common with vmcore.6)
intr_event_schedule_thread+0xd0
004a8780 <intr_event_schedule_thread+0xc4> mr r3,r28
004a8784 <intr_event_schedule_thread+0xc8> li r4,4
004a8788 <intr_event_schedule_thread+0xcc> bl 0053583c =
<sched_add>
004a878c <intr_event_schedule_thread+0xd0> lwz r9,0(r28)
intr_event_handle+0x114
powerpc_dispatch_intr+0xcc
openpic_dispatch+0x94
powerpc_interrupt+0xc4
trapexit+0x0 (after trapagain+0x4) for 0x500 trap (vmcore.6: 0x900)
cpu_idle_60x+0x88
. . . (not shown)
backtrace summary for vmcore.6:
(Listing the LR values, not 4 back from that.)
trapexit+0x0 (after trapagain+0x4) for 0x400 trap
0x90a0f0 from .hash section (bad address)
sched_add+0x1a0
005359c4 <sched_add+0x188> bl 004cde6c <thread_lock_unblock>
005359c8 <sched_add+0x18c> bl 008ea4e0 <spinlock_exit>
005359cc <sched_add+0x190> mr r3,r28
005359d0 <sched_add+0x194> mr r4,r27
005359d4 <sched_add+0x198> mr r5,r25
005359d8 <sched_add+0x19c> bl 005356ec <tdq_add>
005359dc <sched_add+0x1a0> mfsprg r9,0
(from here until cpu_idle_60x+0x88 is not common with vmcore.5)
sched_wakeup+0xa8
00535c0c <sched_wakeup+0x9c> mr r3,r29
00535c10 <sched_wakeup+0xa0> li r4,0
00535c14 <sched_wakeup+0xa4> bl 0053583c <sched_add>
00535c18 <sched_wakeup+0xa8> lwz r11,0(r1)
setrunnable+0xa0
sleepq_resume_thread+0x180
sleepq_timeout+0xcc
softclock_call_cc+0x1f4
callout_process+0x280
handleevents+0x2ac
timercb+0x4c4
decr_intr+0xf4
powerpc_dispatch_intr+0xf8
trapexit+0x0 (after trapagain+0x4) for 0x900 trap (vmcore.5: 0x500)
cpu_idle_60x+0x88
. . . (not shown)
=46rom the vmcore.5:
(The formatting depends on mono-spaced text)
[ ]: trapexit+0x0 (after trapagain+0x4)
013ed680 df 5e a7 40 00 10 08 f8 00 00 00 04 df 5e a7 40 =
|.^.@.........^.@|
013ed690 01 47 d3 60 00 00 00 14 01 47 e3 60 00 00 00 04 =
|.G.`.....G.`....|
013ed6a0 00 00 00 04 00 fd 98 7f 00 00 00 00 00 d4 c0 50 =
|...............P|
013ed6b0 01 47 d3 60 df 5e a7 80 df 5d 0d 00 00 00 00 00 =
|.G.`.^...]......|
013ed6c0 00 d4 be 00 00 cb 98 98 00 c9 66 bc 00 c4 5e a8 =
|..........f...^.|
013ed6d0 00 c9 66 bc 00 d4 c5 4c df 5e a9 e0 00 eb a8 00 =
|..f....L.^......|
013ed6e0 00 c9 66 bc 01 47 d3 60 00 00 00 00 df 5e a8 78 =
|..f..G.`.....^.x|
013ed6f0 01 44 0e 00 01 47 d3 60 00 eb af 00 01 47 d3 60 =
|.D...G.`.....G.`|
013ed700 00 d1 ca ac df 5e a7 40 00 53 5a d0 20 00 90 34 =
|.....^.@.SZ. ..4|
[ ]: sched_affinity+0x18
[ ]: =46rom .hash section
013ed710 00 00 00 00 00 8d ef b4 00 90 a0 f0 10 00 10 32 =
|...............2|
[0x400 trap]
013ed720 00 00 04 00 41 a1 e5 68 0a 00 00 00 01 47 e3 60 =
|....A..h.....G.`|
013ed730 00 eb af 00 01 47 d3 60 00 d1 ca ac df 5e a7 40 =
|.....G.`.....^.@|
[ ]: sched_add+0x1a0
013ed740 df 5e a7 80 00 53 59 dc 00 c9 66 bc 00 d4 c5 4c =
|.^...SY...f....L|
013ed750 df 5e a9 e0 00 eb a8 00 00 c9 66 bc 00 00 00 04 =
|.^........f.....|
013ed760 00 00 00 00 df 5e a8 78 01 44 0e 00 01 47 d3 60 =
|.....^.x.D...G.`|
013ed770 01 47 e3 60 01 51 ff 80 00 d1 b4 30 df 5e a7 80 =
|.G.`.Q.....0.^..|
[ ]: intr_event_schedule_thread+0xd0
013ed780 df 5e a7 b0 00 4a 87 8c 6d 0c 21 5c df 5e 00 00 =
|.^...J..m.!\.^..|
013ed790 df 5e a7 b0 00 00 00 7c 00 00 00 00 01 47 d3 60 =
|.^.....|.....G.`|
013ed7a0 00 00 00 01 00 00 00 00 00 d2 6e 70 df 5e a7 b0 =
|..........np.^..|
[ ]: intr_event_handle+0x114
013ed7b0 df 5e a7 e0 00 4a 95 fc 00 c9 66 bc 00 00 00 00 =
|.^...J....f.....|
013ed7c0 df 5e a9 8c df 5e a8 78 df 5e a8 78 01 44 0e 00 =
|.^...^.x.^.x.D..|
013ed7d0 00 02 10 a0 01 48 b2 80 00 d2 6e 70 df 5e a7 e0 =
|.....H....np.^..|
[ ]: powerpc_dispatch_intr+0xcc
013ed7e0 df 5e a8 10 00 8e 91 8c df 5e a7 f0 00 cf 48 a8 =
|.^.......^....H.|
013ed7f0 df 5e a8 10 df 5e a8 78 01 47 d3 60 df 5e a8 78 =
|.^...^.x.G.`.^.x|
013ed800 00 02 10 a0 01 4c d4 00 00 d2 70 2c df 5e a8 10 =
|.....L....p,.^..|
[ ]: openpic_dispatch+0x94
013ed810 df 5e a8 40 00 8e c9 48 ec 94 8e 64 e6 38 8f 72 =
|.^.@...H...d.8.r|
013ed820 df 5e a8 40 00 00 00 02 00 00 00 00 00 eb af 00 =
|.^.@............|
013ed830 41 a1 e5 68 01 48 b1 00 00 d2 6e 60 df 5e a8 40 =
|A..h.H....n`.^.@|
[ ]: powerpc_interrupt+0xc4
013ed840 df 5e a8 70 00 8e 7d 28 8b 00 00 00 00 00 55 c4 =
|.^.p..}(......U.|
013ed850 00 cd f0 74 00 00 00 03 00 00 00 03 00 eb af 00 =
|...t............|
013ed860 41 a1 e5 68 0a 00 00 00 00 00 00 00 00 00 90 32 =
|A..h...........2|
[ ]: trapexit+0x0 (after trapagain+0x4)
013ed870 df 5e a9 30 00 10 08 f8 00 04 90 32 df 5e a9 30 =
|.^.0.......2.^.0|
013ed880 01 47 d3 60 00 00 00 00 7f a3 8e 84 00 00 00 00 =
|.G.`............|
013ed890 7f a3 8e 84 00 fd 98 7f 00 00 00 00 00 00 00 44 =
|...............D|
013ed8a0 01 fc a0 55 00 00 90 32 df 5d 0d 00 00 00 00 00 =
|...U...2.]......|
013ed8b0 00 d4 be 00 00 cb 98 98 00 c9 66 bc 00 c4 5e a8 =
|..........f...^.|
013ed8c0 00 c9 66 bc 00 d4 c5 4c df 5e a9 e0 00 eb a8 00 =
|..f....L.^......|
013ed8d0 00 c9 66 bc 01 47 d3 60 df 5e a9 8c 00 00 00 03 =
|..f..G.`.^......|
013ed8e0 00 00 00 03 00 eb af 00 00 00 00 00 00 8e 3c b8 =
|..............<.|
013ed8f0 00 d2 6c 04 df 5e a9 30 00 8e 3c d4 40 00 00 42 =
|..l..^.0..<.@..B|
[ ]: cpu_idle_60x+0x88
013ed900 20 00 00 00 00 8e 3c b8 00 8e 3d 40 00 00 90 32 | =
.....<...=3D@...2|
[0x500 trap]
013ed910 00 00 05 00 41 a1 e5 68 0a 00 00 00 00 00 00 00 =
|....A..h........|
013ed920 0b 5c 71 7c 79 c0 d7 fc 00 00 00 00 00 00 00 04 =
|.\q|y...........|
[ignore? ] (see above trap frame)
013ed930 df 5e a9 50 00 00 00 03 00 00 00 03 00 eb af 00 =
|.^.P............|
013ed940 00 00 00 00 00 d4 ca 44 00 d2 6c 04 df 5e a9 50 =
|.......D..l..^.P|
[ ]: cpu_idle+0x58
013ed950 df 5e a9 70 00 8e 32 5c 00 00 00 02 00 eb af 00 =
|.^.p..2\........|
013ed960 00 f2 d6 7c 00 00 00 03 00 d1 ca ac df 5e a9 70 =
|...|.........^.p|
[ ]: sched_idletd+0x4d4
013ed970 df 5e aa 50 00 53 6e 7c df 5e a9 80 00 00 00 00 =
|.^.P.Sn|.^......|
013ed980 df 5e a9 b0 01 47 d3 60 df 5e a9 90 ff ff ff fd =
|.^...G.`.^......|
013ed990 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9a0 ff ff ff ff ff ff ff ff ff ff ff ff df 5e a9 b0 =
|.............^..|
013ed9b0 df 5e a9 d0 00 00 00 02 ff ff ff ff 00 00 01 e5 =
|.^..............|
013ed9c0 ff ff ff fd ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9e0 ff ff ff fd ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013eda00 df 5e aa 20 00 f6 4a 00 00 00 00 00 00 00 00 00 |.^. =
..J.........|
013eda10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
*
013eda30 00 00 00 00 00 53 69 a8 df 5e aa 98 00 00 00 00 =
|.....Si..^......|
013eda40 01 47 96 e0 01 47 d3 60 00 d1 b3 70 df 5e aa 50 =
|.G...G.`...p.^.P|
[ ]: fork_exit+0xb4
013eda50 df 5e aa 80 00 4a 3c b4 df 5e aa 60 df 5e aa 60 =
|.^...J<..^.`.^.`|
013eda60 df 5e aa 80 00 00 00 00 00 00 00 00 00 00 00 00 =
|.^..............|
013eda70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
[ ]: fork_tramoline+0x10
013eda80 00 00 00 00 00 8f 19 90 00 53 69 a8 00 00 00 00 =
|.........Si.....|
013eda90 df 5e aa 98 00 00 00 00 00 00 00 00 00 00 00 00 =
|.^..............|
013edaa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
=46rom the vmcore.6:
[ ]: trapexit+0x0 (after trapagain+0x4)
013ed4d0 df 5e a5 90 00 10 08 f8 00 00 00 04 df 5e a5 90 =
|.^...........^..|
013ed4e0 01 47 d3 60 00 00 00 54 05 91 b0 00 00 00 00 00 =
|.G.`...T........|
013ed4f0 00 00 00 00 00 00 00 0f 00 00 00 00 00 d4 c0 50 =
|...............P|
013ed500 01 47 d3 60 df 5e a5 d0 00 00 00 00 00 00 00 00 =
|.G.`.^..........|
013ed510 00 d4 be 00 00 cb 98 98 00 d4 c4 6c 00 d4 c4 6c =
|...........l...l|
013ed520 00 11 11 97 00 11 12 16 00 00 11 11 05 91 b0 00 =
|................|
013ed530 00 56 64 30 00 00 01 14 00 00 00 00 00 00 00 00 =
|.Vd0............|
013ed540 00 00 00 01 00 00 00 00 00 eb af 00 01 47 d3 60 =
|.............G.`|
013ed550 00 d1 ca ac df 5e a5 90 00 53 5a d0 20 00 90 34 =
|.....^...SZ. ..4|
[ ]: sched_affinity+0x18
[ ]: =46rom .hash section
013ed560 00 00 00 00 00 00 00 00 00 90 a0 f0 10 00 10 32 =
|...............2|
[0x400 trap]
013ed570 00 00 04 00 01 81 a4 7c 0a 00 00 00 05 91 b0 00 =
|.......|........|
013ed580 00 eb af 00 01 47 d3 60 00 d1 ca ac df 5e a5 90 =
|.....G.`.....^..|
[ ]: sched_add+0x1a0
013ed590 df 5e a5 d0 00 53 59 dc 00 00 00 01 00 d4 c5 4c =
|.^...SY........L|
013ed5a0 df 5e 00 00 00 00 00 40 df 5e a5 b0 00 00 00 04 =
|.^.....@.^......|
013ed5b0 df 5e a5 d0 00 00 00 00 00 00 00 01 00 00 00 00 =
|.^..............|
013ed5c0 05 91 b3 28 05 91 b0 00 00 d1 ca ac df 5e a5 d0 =
|...(.........^..|
[ ]: sched_wakeup+0xa8
013ed5d0 df 5e a5 f0 00 53 5c 18 00 00 00 00 00 00 00 00 =
|.^...S\.........|
013ed5e0 01 42 b0 80 05 91 b0 00 00 d1 c4 c4 df 5e a5 f0 =
|.B...........^..|
[ ]: setrunnable+0xa0
013ed5f0 df 5e a6 10 00 50 26 08 df 5e a6 00 00 cb 98 98 =
|.^...P&..^......|
013ed600 df 5e a6 40 00 d4 c4 6c 00 d1 d5 34 df 5e a6 10 =
|.^.@...l...4.^..|
[ ]: sleepq_resume_thread+0x180
013ed610 df 5e a6 40 00 56 43 2c 00 56 64 30 00 00 01 14 =
|.^.@.VC,.Vd0....|
013ed620 df 5e a6 40 00 00 00 00 00 00 00 01 00 00 11 11 =
|.^.@............|
013ed630 8a d3 94 2a 05 91 b0 00 00 d1 d5 34 df 5e a6 40 =
|...*.......4.^.@|
[ ]: sleepq_timeout+0xcc
013ed640 df 5e a6 80 00 56 64 fc 00 c9 66 bc 00 00 00 00 =
|.^...Vd...f.....|
013ed650 00 00 11 11 00 00 00 00 97 a0 fc 3d 80 96 c0 38 =
|...........=3D...8|
013ed660 df 5e a6 80 00 8e a5 04 00 d2 5b 10 05 91 b2 a0 =
|.^........[.....|
013ed670 00 e9 58 00 00 00 00 00 00 d1 c8 20 df 5e a6 80 |..X........ =
.^..|
[ ]: softclock_call_cc+0x1f4
013ed680 df 5e a6 f0 00 51 63 84 00 d2 5b 10 df 5e a6 90 =
|.^...Qc...[..^..|
013ed690 df 5e a6 f0 00 8a ca a8 df 5e a6 a0 00 00 00 0f =
|.^.......^......|
013ed6a0 df 5e a7 10 00 4c e2 f4 68 fc 88 02 00 00 00 04 =
|.^...L..h.......|
013ed6b0 df 5e a6 d0 00 00 00 02 00 11 11 97 00 11 12 16 =
|.^..............|
013ed6c0 00 00 11 11 d7 a0 9d 9d 00 11 11 8a 00 00 11 11 =
|................|
013ed6d0 97 a0 9d 9d 00 00 11 12 17 00 00 00 00 00 11 12 =
|................|
013ed6e0 17 00 00 00 00 e9 58 00 00 d1 c8 20 df 5e a6 f0 |......X.... =
.^..|
[ ]: callout_process+0x280
013ed6f0 df 5e a7 50 00 51 77 c0 df 5e a8 78 01 47 d3 60 =
|.^.P.Qw..^.x.G.`|
013ed700 01 47 d4 58 00 00 00 00 00 d1 ab 24 00 00 00 04 =
|.G.X.......$....|
013ed710 00 c9 66 bc 00 c4 5e a8 00 c9 66 bc 00 d4 c5 4c =
|..f...^...f....L|
013ed720 00 d0 53 00 00 eb a8 00 00 00 00 01 00 00 00 00 =
|..S.............|
013ed730 df 5e a9 8c 00 00 00 00 df 5e a8 78 00 00 11 11 =
|.^.......^.x....|
013ed740 97 a0 9d 9d df 5d 0d 00 00 d2 5b 10 df 5e a7 50 =
|.....]....[..^.P|
[ ]: handleevents+0x2ac
013ed750 df 5e a7 a0 00 8a b2 70 df 5e a7 60 df 5e a7 60 =
|.^.....p.^.`.^.`|
013ed760 df 5e a7 a0 00 53 49 dc 00 d2 5b 10 00 00 00 04 =
|.^...SI...[.....|
013ed770 df 5e a7 c0 05 9b d2 00 00 c9 66 bc 01 47 d3 60 =
|.^........f..G.`|
013ed780 df 5e a9 8c 00 f6 1d 90 00 00 11 11 97 a0 9d 9d =
|.^..............|
013ed790 df 5d 0d 00 df 5d 0d 30 00 d2 5b 10 df 5e a7 a0 =
|.]...].0..[..^..|
[ ]: timercb+0x4c4
013ed7a0 df 5e a8 20 00 8a d1 10 00 d2 6e 70 df 5e a7 b0 |.^. =
......np.^..|
013ed7b0 df 5e a7 e0 00 4a 96 00 00 00 11 11 00 00 00 00 =
|.^...J..........|
013ed7c0 97 a0 9d 9d 53 27 aa d0 df 5e a8 78 05 86 37 00 =
|....S'...^.x..7.|
013ed7d0 df 5e a7 f0 05 86 37 80 00 d4 be 00 00 cb 98 98 =
|.^....7.........|
013ed7e0 00 c9 66 bc 00 c4 5e a8 00 c9 66 bc 00 d4 c5 4c =
|..f...^...f....L|
013ed7f0 df 5e a9 e0 00 eb a8 00 00 c9 66 bc 01 47 d3 60 =
|.^........f..G.`|
013ed800 df 5e a9 8c df 5e a8 78 01 47 d3 60 00 00 00 00 =
|.^...^.x.G.`....|
013ed810 00 f6 1d 90 00 00 00 01 00 d2 6b dc df 5e a8 20 =
|..........k..^. |
[ ]: decr_intr+0xf4
013ed820 df 5e a8 40 00 8e 1f 08 00 00 00 00 00 00 00 04 =
|.^.@............|
013ed830 01 47 d4 34 00 00 00 01 00 d2 6e 60 df 5e a8 40 =
|.G.4......n`.^.@|
[ ]: powerpc_dispatch_intr+0xf8
013ed840 df 5e a8 70 00 8e 7d 5c 00 d1 ca ac df 5e a8 50 =
|.^.p..}\.....^.P|
013ed850 00 cd f0 74 00 00 00 03 00 00 00 03 00 eb af 00 =
|...t............|
013ed860 01 81 a4 7c 0a 00 00 00 00 00 00 00 00 00 90 32 =
|...|...........2|
[ ]: trapexit+0x0 (after trapagain+0x4)
013ed870 df 5e a9 30 00 10 08 f8 00 04 90 32 df 5e a9 30 =
|.^.0.......2.^.0|
013ed880 01 47 d3 60 00 00 00 00 0d 0a d2 89 00 00 00 00 =
|.G.`............|
013ed890 0d 0a d2 89 00 19 e9 a4 00 00 00 00 00 00 00 44 =
|...............D|
013ed8a0 01 fc a0 55 00 00 90 32 df 5d 0d 00 00 00 00 00 =
|...U...2.]......|
013ed8b0 00 d4 be 00 00 cb 98 98 00 c9 66 bc 00 c4 5e a8 =
|..........f...^.|
013ed8c0 00 c9 66 bc 00 d4 c5 4c df 5e a9 e0 00 eb a8 00 =
|..f....L.^......|
013ed8d0 00 c9 66 bc 01 47 d3 60 df 5e a9 8c 00 00 00 03 =
|..f..G.`.^......|
013ed8e0 00 00 00 03 00 eb af 00 00 00 00 00 00 8e 3c b8 =
|..............<.|
013ed8f0 00 d2 6c 04 df 5e a9 30 00 8e 3c d4 40 00 00 42 =
|..l..^.0..<.@..B|
[ ]: cpu_idle_60x+0x88
013ed900 20 00 00 00 00 8e 3c b8 00 8e 3d 40 00 00 90 32 | =
.....<...=3D@...2|
[0x900 trap]
013ed910 00 00 09 00 01 81 a4 7c 0a 00 00 00 00 00 00 00 =
|.......|........|
013ed920 8a 95 8e 6d 80 4a 8c 8c 00 00 00 00 00 00 00 04 =
|...m.J..........|
[ignore? ] (see above trap frame)
013ed930 df 5e a9 50 00 00 00 03 00 00 00 03 00 eb af 00 =
|.^.P............|
013ed940 00 00 00 00 00 d4 ca 44 00 d2 6c 04 df 5e a9 50 =
|.......D..l..^.P|
[ ]: cpu_idle+0x58
013ed950 df 5e a9 70 00 8e 32 5c 00 00 00 02 00 eb af 00 =
|.^.p..2\........|
013ed960 00 f2 d6 7c 00 00 00 03 00 d1 ca ac df 5e a9 70 =
|...|.........^.p|
[ ]: sched_idletd+0x4d4
013ed970 df 5e aa 50 00 53 6e 7c df 5e a9 80 00 00 00 00 =
|.^.P.Sn|.^......|
013ed980 df 5e a9 b0 01 47 d3 60 00 d2 5b 10 ff ff ff fd =
|.^...G.`..[.....|
013ed990 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9a0 ff ff ff ff ff ff ff ff ff ff ff ff df 5e a9 b0 =
|.............^..|
013ed9b0 df 5e a9 d0 00 00 00 02 ff ff ff ff 00 00 01 e5 =
|.^..............|
013ed9c0 ff ff ff fd ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9d0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9e0 ff ff ff fd ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013ed9f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff =
|................|
013eda00 df 5e aa 50 00 f6 4a 00 00 00 00 00 00 00 00 00 =
|.^.P..J.........|
013eda10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
*
013eda30 00 00 00 00 00 53 69 a8 df 5e aa 98 00 00 00 00 =
|.....Si..^......|
013eda40 01 47 96 e0 01 47 d3 60 00 d1 b3 70 df 5e aa 50 =
|.G...G.`...p.^.P|
[ ]: fork_exit+0xb4
013eda50 df 5e aa 80 00 4a 3c b4 df 5e aa 60 fa 50 05 af =
|.^...J<..^.`.P..|
013eda60 df 5e aa 80 00 00 00 00 00 00 00 00 00 00 00 00 =
|.^..............|
013eda70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
[ ]: fork_tramoline+0x10
013eda80 00 00 00 00 00 8f 19 90 00 53 69 a8 00 00 00 00 =
|.........Si.....|
013eda90 df 5e aa 98 00 00 00 00 00 00 00 00 00 00 00 00 =
|.^..............|
013edaa0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =
|................|
FYI: The memory protection debugging hack in (and some
before):
void
moea64_kenter_attr(mmu_t mmu, vm_offset_t va, vm_paddr_t pa, =
vm_memattr_t ma)
is currently:
# svnlite diff /usr/src/sys/powerpc/aim/mmu_oea64.c =
=
Index: =
/usr/src/sys/powerpc/aim/mmu_oea64.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- /usr/src/sys/powerpc/aim/mmu_oea64.c (revision 317820)
+++ /usr/src/sys/powerpc/aim/mmu_oea64.c (working copy)
@@ -1752,6 +1752,18 @@
PV_PAGE_UNLOCK(m);
}
=20
+#if defined(AIM) && !defined(__powerpc64__)
+//
+// Part of PowerMac G5 HACK FOR PROBLEM FINDING. . .
+// (G5 used via 32-bit FreeBSD.)
+//
+
+extern char _GOT_START_[]; // beginning of .got/.got.plt
+extern char _GOT_END_[]; // ending of .got/.got.plt
+
+extern vm_offset_t __startkernel, __endkernel;
+#endif
+
/*
* Map a wired page into kernel virtual address space.
*/
@@ -1762,6 +1774,52 @@
struct pvo_entry *pvo, *oldpvo;
=20
pvo =3D alloc_pvo_entry(0);
+#if defined(AIM) && !defined(__powerpc64__)
+ //
+ // PowerMac G5 HACK FOR PROBLEM FINDING. . .
+ // (G5 used via 32-bit FreeBSD.)
+ //
+ // As a problem-finding-aid try to catch some examples of
+ // jumping to non-code in the kernel before it tries to
+ // execute that that code. Hopefully this will show where
+ // the bad jump into the likes of the .hash section is
+ // happening. (dbb bt and vmcore.*'s have not lead to
+ // that information so far.)
+ //
+ if (cpu_features & PPC_FEATURE_64)
+ {
+ // First deal with pages that should have the original
+ // VM_PROT_EXECUTE status for something on the page
+ // (most pages in the kernel area). So pages with some
+ // byte(s) from .text, .got, or .got.plt, along with
+ // any requested from before where __startkernel
+ // indicates. Also any va requested from a page
+ // containing where __endkernel indicates or later
+ // gets VM_PROT_EXECUTE if such a va is requested.
+ //
+ // So: have just the rest of the kernel area not have
+ // VM_PROT_EXECUTE status in hopes that it will report
+ // where the code is that is making bad jumps to
+ // non-code, such as jumping into the .hash section
+ // instead of reporting on illegal instructions
+ // from the incorrect traget area.
+ //
+ if ( va < ((vm_offset_t)(etext+(PAGE_SIZE-1)) & =
~PAGE_MASK) )
+ pvo->pvo_pte.prot =3D VM_PROT_READ | =
VM_PROT_WRITE | VM_PROT_EXECUTE;
+
+ else if ( ((vm_offset_t)_GOT_START_ & ~PAGE_MASK) <=3D =
va
+ && va < ((vm_offset_t)(_GOT_END_+(PAGE_SIZE-1)) =
& ~PAGE_MASK)
+ )
+ pvo->pvo_pte.prot =3D VM_PROT_READ | =
VM_PROT_WRITE | VM_PROT_EXECUTE;
+
+ else if ( va < (__endkernel & ~PAGE_MASK) )
+ pvo->pvo_pte.prot =3D VM_PROT_READ | =
VM_PROT_WRITE;
+
+ else // Otherwise do as before the HACK:
+ pvo->pvo_pte.prot =3D VM_PROT_READ | =
VM_PROT_WRITE | VM_PROT_EXECUTE;
+ }
+ else
+#endif
pvo->pvo_pte.prot =3D VM_PROT_READ | VM_PROT_WRITE | =
VM_PROT_EXECUTE;
pvo->pvo_pte.pa =3D (pa & ~ADDR_POFF) | moea64_calc_wimg(pa, =
ma);
pvo->pvo_vaddr |=3D PVO_WIRED;
Being va based for when to avoid VM_PROT_EXECUTE
this way means that the openfirmware related
virtual addresses that go through this code still
get VM_PROT_EXECUTE --even if some had pa's in the
loaded kernel's address range (if such were
possible).
Note: While 32-bit powerpc FreeBSD uses a relocatable
kernel format it seems to not actually change the
code addresses on the G5 from what objdump reports
when looking at /boot/kernel/kernel .
=3D=3D=3D
Mark Millard
markmi at dsl-only.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D56D7968-13F4-4917-86EF-38C252B5D0B3>