Date:      Mon, 13 Feb 2017 21:36:31 +0100
From:      Dimitry Andric <dim@FreeBSD.org>
To:        Eric McCorkle <eric@metricspace.net>
Cc:        freebsd-hackers@FreeBSD.org, Allan Jude <allanjude@FreeBSD.org>, freebsd-amd64@freebsd.org
Subject:   Re: GELI BIOS weirdness
Message-ID:  <F1DCB7BA-0E21-44A6-B80A-0E0429B235FE@FreeBSD.org>
In-Reply-To: <6874308d-8892-2f03-d125-418949fd472c@metricspace.net>
References:  <6874308d-8892-2f03-d125-418949fd472c@metricspace.net>

On 13 Feb 2017, at 21:24, Eric McCorkle <eric@metricspace.net> wrote:
> 
> Hello everyone,
> 
> I ran into an apparent bug while trying to test a patch related to some
> GELI boot work.  This particular patch involves *BIOS* GELI-on-root (not
> EFI).
> 
> I created an image for qemu with a single gpt disk having a freebsd-boot
> and freebsd-ufs partition, with the freebsd-ufs partition actually
> having a GELI volume.
> 
> The gptboot phase crashes with an illegal instruction.  I tracked this
> down to eli_metadata_softc (defined in sys/geom/eli/g_eli.h),
> specifically to the mod operation near the end.  Code here:
> 
>> if (!(sc->sc_flags & G_ELI_FLAG_AUTH))
>>        sc->sc_mediasize -= (sc->sc_mediasize % sc->sc_sectorsize);
>> else {
> 
> This crash also occurs on a build from master.
> 
> The crash dump shows eip pointing to the following code:
> 
> 66 0f 38 f6 f0 31 c6 8b - 4d 14 89 cf c1 ff 1f 8b
> 
> The first 5 bytes of this look like they're supposed to be an extended
> DIV instruction, which is what I would expect, except the opcode is
> wrong (it's adc instead), which doesn't end up corresponding to any
> valid form of an extended instruction (the 66 prefix).  Examination of
> the disassembly confirms this, and the surrounding instructions match
> what you would expect from the C code.

This disassembles to:

   0:   66 0f 38 f6 f0          adcx   %eax,%esi
   5:   31 c6                   xor    %eax,%esi
   7:   8b 4d 14                mov    0x14(%ebp),%ecx
   a:   89 cf                   mov    %ecx,%edi
   c:   c1 ff 1f                sar    $0x1f,%edi
   f:   8b                      .byte 0x8b

My first guess would be that the code simply jumped into garbage.  But
can you post the complete .o file somewhere for inspection?

-Dimitry
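To make the decoding concrete, here is an added example (not code from the thread or from FreeBSD) that decodes the first instruction of the quoted crash bytes and contrasts it with a Group-3 DIV encoding; the decoder covers only the register-direct forms relevant here and assumes 32-bit default operand size, as in the gptboot code.

```python
# Added example: tell a Group-3 DIV (F7 /6) apart from the ADX instruction
# that is actually at %eip (66 0F 38 F6 = ADCX) in 32-bit boot code.
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
# Opcode F7 is "Group 3"; the ModRM reg field selects the operation.
GROUP3 = {2: "not", 3: "neg", 4: "mul", 5: "imul", 6: "div", 7: "idiv"}

# Constructed input: the 16 bytes at %eip quoted from the crash dump above.
CRASH_BYTES = bytes.fromhex("660f38f6f031c68b4d1489cfc1ff1f8b")


def modrm(b: int):
    """Split a ModRM byte into (mod, reg, rm)."""
    return (b >> 6) & 3, (b >> 3) & 7, b & 7


def decode_first(code: bytes) -> dict:
    """Classify the first instruction: mnemonic, Intel-order operands and
    the ISA extension it needs (None for baseline x86)."""
    i = 0
    opsize16 = False
    if code[i] == 0x66:          # operand-size override / mandatory prefix
        opsize16 = True
        i += 1
    if code[i] == 0xF7:          # Group 3: F7 /6 is DIV r/m32 (r/m16 with 66)
        mod, reg, rm = modrm(code[i + 1])
        if mod != 3 or reg not in GROUP3:
            raise ValueError("only register-direct Group-3 forms are decoded here")
        regs = REGS16 if opsize16 else REGS32
        return {"mnemonic": GROUP3[reg], "operands": regs[rm], "needs": None}
    if code[i:i + 3] == b"\x0f\x38\xf6" and opsize16:
        # 66 0F 38 F6 /r is ADCX r32, r/m32, an ADX-extension instruction.
        # A CPU (or virtual CPU model) without ADX raises #UD on it, which
        # the boot code sees as an illegal instruction.
        mod, reg, rm = modrm(code[i + 3])
        if mod != 3:
            raise ValueError("memory-operand ADCX is not decoded here")
        return {"mnemonic": "adcx",
                "operands": f"{REGS32[reg]}, {REGS32[rm]}", "needs": "ADX"}
    raise ValueError("opcode %02x is not covered by this decoder" % code[i])


if __name__ == "__main__":
    print(decode_first(CRASH_BYTES))             # the thread's bytes
    print(decode_first(bytes.fromhex("f7f0")))   # what a DIV of %eax looks like
```

Note that the ModRM byte 0xF0 (mod=3, reg=6, rm=0) would select /6 = DIV of eax under opcode F7, which is why the sequence looks DIV-like at a glance; only the 0F 38 F6 escape in front of it makes it ADCX.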
