Date: Sun, 8 Mar 2015 21:18:27 -0700 From: Mark Millard <markmi@dsl-only.net> To: FreeBSD PowerPC ML <freebsd-ppc@freebsd.org>, Nathan Whitehorn <nwhitehorn@freebsd.org> Subject: Re: 10.1-STABLE kern.vty=vt crashes PowerMac G5 extremely early in boot for 2560x1440 display... Message-ID: <EEF037EC-CFF2-4D4D-BB1B-0A0750E09C1F@dsl-only.net> In-Reply-To: <8B7B5167-0C94-4BA3-9515-B4CB8A817BDB@dsl-only.net> References: <8B7B5167-0C94-4BA3-9515-B4CB8A817BDB@dsl-only.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Nathan W. write:
> Could you please try -CURRENT? vt itself at least works fine there, =
but=20
> I'm not sure anyone has tested it with such a large display on any =
platform.
> -Nathan
I'll try. But it may take a bit to get a 11.0-CURRENT boot context =
established: I've got the G5's doing other things at the moment.
Looking at the -r279514 11.0-CURRENT code (see below) there seems a =
VBF_STATIC flag for indicating a statically sized initial buffer. But =
the code does not seem to use the static sized limits involved: instead =
the code always seems to use the final sizes even before vtbuf_grow =
toggles the flag's status.
In other words: I expect that this goes goes out of bounds and trashes =
memory it does not own while the static buffer is in use early on.
#ifdef SC_HISTORY_SIZE
#define VBF_DEFAULT_HISTORY_SIZE SC_HISTORY_SIZE
#else
#define VBF_DEFAULT_HISTORY_SIZE 500
#endif
...
#ifndef VT_FB_DEFAULT_WIDTH
#define VT_FB_DEFAULT_WIDTH 2048
#endif
#ifndef VT_FB_DEFAULT_HEIGHT
#define VT_FB_DEFAULT_HEIGHT 1200
#endif
...
#define _VTDEFH MAX(100, PIXEL_HEIGHT(VT_FB_DEFAULT_HEIGHT))
#define _VTDEFW MAX(200, PIXEL_WIDTH(VT_FB_DEFAULT_WIDTH))
...
static term_char_t vt_constextbuf[(_VTDEFW) * =
(VBF_DEFAULT_HISTORY_SIZE)];
static term_char_t *vt_constextbufrows[VBF_DEFAULT_HISTORY_SIZE];
static struct vt_window vt_conswindow =3D {
.vw_number =3D VT_CONSWINDOW,
.vw_flags =3D VWF_CONSOLE,
.vw_buf =3D {
.vb_buffer =3D &vt_constextbuf[0],
.vb_rows =3D &vt_constextbufrows[0],
.vb_history_size =3D VBF_DEFAULT_HISTORY_SIZE,
.vb_curroffset =3D 0,
.vb_roffset =3D 0,
.vb_flags =3D VBF_STATIC,
.vb_mark_start =3D {.tp_row =3D 0, .tp_col =3D 0,},
.vb_mark_end =3D {.tp_row =3D 0, .tp_col =3D 0,},
.vb_scr_size =3D {
.tp_row =3D _VTDEFH,
.tp_col =3D _VTDEFW,
},
},
.vw_device =3D &vt_consdev,
.vw_terminal =3D &vt_consterm,
.vw_kbdmode =3D K_XLATE,
.vw_grabbed =3D 0,
};
...
void
vtbuf_init_early(struct vt_buf *vb)
{
term_rect_t rect;
vb->vb_flags |=3D VBF_CURSOR;
vb->vb_roffset =3D 0;
vb->vb_curroffset =3D 0;
vb->vb_mark_start.tp_row =3D 0;
vb->vb_mark_start.tp_col =3D 0;
vb->vb_mark_end.tp_row =3D 0;
vb->vb_mark_end.tp_col =3D 0;
vtbuf_init_rows(vb);
rect.tr_begin.tp_row =3D rect.tr_begin.tp_col =3D 0;
rect.tr_end.tp_col =3D vb->vb_scr_size.tp_col;
rect.tr_end.tp_row =3D vb->vb_history_size;
vtbuf_fill(vb, &rect, VTBUF_SPACE_CHAR(TERMINAL_NORM_ATTR));
vtbuf_make_undirty(vb);
if ((vb->vb_flags & VBF_MTX_INIT) =3D=3D 0) {
mtx_init(&vb->vb_lock, "vtbuf", NULL, MTX_SPIN);
vb->vb_flags |=3D VBF_MTX_INIT;
}
}
...
static void
vtbuf_fill(struct vt_buf *vb, const term_rect_t *r, term_char_t c)
{
unsigned int pr, pc;
term_char_t *row;
for (pr =3D r->tr_begin.tp_row; pr < r->tr_end.tp_row; pr++) {
row =3D vb->vb_rows[(vb->vb_curroffset + pr) %
VTBUF_MAX_HEIGHT(vb)];
for (pc =3D r->tr_begin.tp_col; pc < r->tr_end.tp_col; =
pc++) {
row[pc] =3D c;
}
}
}
...
static void
vtbuf_init_rows(struct vt_buf *vb)
{
int r;
=20
vb->vb_history_size =3D MAX(vb->vb_history_size, =
vb->vb_scr_size.tp_row);
=20
for (r =3D 0; r < vb->vb_history_size; r++)
vb->vb_rows[r] =3D &vb->vb_buffer[r * =
vb->vb_scr_size.tp_col];
}
...
void
vtbuf_init(struct vt_buf *vb, const term_pos_t *p)
{
int sz;
vb->vb_scr_size =3D *p;
vb->vb_history_size =3D VBF_DEFAULT_HISTORY_SIZE;
if ((vb->vb_flags & VBF_STATIC) =3D=3D 0) {
sz =3D vb->vb_history_size * p->tp_col * =
sizeof(term_char_t);
vb->vb_buffer =3D malloc(sz, M_VTBUF, M_WAITOK | =
M_ZERO);
sz =3D vb->vb_history_size * sizeof(term_char_t *);
vb->vb_rows =3D malloc(sz, M_VTBUF, M_WAITOK | M_ZERO);
}
vtbuf_init_early(vb);
}
...
void
vtbuf_grow(struct vt_buf *vb, const term_pos_t *p, unsigned int =
history_size)
{
...
vb->vb_history_size =3D history_size;
vb->vb_buffer =3D new;
vb->vb_rows =3D rows;
vb->vb_flags &=3D ~VBF_STATIC;
vb->vb_scr_size =3D *p;
vtbuf_init_rows(vb);
...
=3D=3D=3D
Mark Millard
markmi@dsl-only.net
On 2015-Mar-8, at 03:22 AM, Mark Millard <markmi@dsl-only.net> wrote:
Basic context:
$ freebsd-version -ku; uname -a
10.1-STABLE
10.1-STABLE
FreeBSD FBSDG5S0 10.1-STABLE FreeBSD 10.1-STABLE #0 r279507M: Fri Mar 6 =
23:08:59 PST 2015 root@FBSDG5S0:/usr/obj/usr/src/sys/GENERIC64vtsc =
powerpc
The crash details (X11 is not part of the context, just console use):
I tried using a 2560x1440 display with a PowerMac G5 but forgot to =
switch from kern.vty=3Dvt to kern.vty=3Dsc in /boot/loader.conf first.
But the result was new since the last time I'd done such a thing (long =
ago)...
It crashed so early that it returned to Apple's OpenFirmware.
That allowed me to use .registers in OpenFirmware to find where it had =
crashed at.
It turned out that the Interrupt Vector was 0x700 and SRR0 was 0x380. =
(Openfirmare does not put an exception handler at 0x380 (leaving zeros) =
so a 0x380 exception handler's attempted use leads to a double fault =
when OpenFirmware's handlers are all that are in place, the 2nd of the =
pair going to the 0x700 exception handler.)
Luckily LR is preserved in this sequence and it ended up pointing to:
vtbuf_init_early+0x78 (0x40787c was the address for the build)
and that was the instruction after a bl to .vtbuf_fill.
This was fully repeatable.
As conformation of the size dependency: Switching to a smaller display =
booted fine (again fully repeatable).
I'll note that kern.vty=3Dsc handles the 2560x1440 display fine for that =
same PowerMac G5. sc uses most but not all of the width and it uses all =
of the height.
Other context details:
$ cd /usr/src
$ svnlite info
Path: .
Working Copy Root Path: /usr/src
URL: https://svn0.us-west.freebsd.org/base/stable/10
Relative URL: ^/stable/10
Repository Root: https://svn0.us-west.freebsd.org/base
Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
Revision: 279507
Node Kind: directory
Schedule: normal
Last Changed Author: ngie
Last Changed Rev: 279507
Last Changed Date: 2015-03-01 14:12:24 -0800 (Sun, 01 Mar 2015)
$ svnlite st --no-ignore
? .snap
? restoresymtable
M sys/ddb/db_main.c
M sys/ddb/db_script.c
I sys/powerpc/conf/GENERIC64vtsc
I sys/powerpc/conf/GENERICvtsc
M sys/powerpc/ofw/ofw_machdep.c
M sys/powerpc/ofw/ofwcall64.S
M sys/powerpc/powerpc/dump_machdep.c
sys/powerpc/ofw/ofw_machdep.c has a PowerMac G5 specific change to avoid =
intermittent boot problems.
sys/ddb/... and sys/powerpc/ofw/ofwcall64.S are just to help me get =
evidence if I do end up with another early-boot failure. DDB and GDB are =
listed in sys/powerpc/conf/GENERIC64vtsc for the same reason.
sys/powerpc/powerpc/dump_machdep.c is from me forcing the DMA transfer =
size for dumps to be small enough not to be rejected as too large of a =
DMA request size.
sys/powerpc/conf/GENERIC64vtsc turns off ps3 in order to turn on both vt =
and sc. It includes the standard GENERIC64.
# more /etc/make.conf
#CPP=3Dclang-cpp
#CC=3Dclang
#CXX=3Dclang++
WRKDIRPREFIX=3D/usr/obj/portswork
WITH_DEBUG=3D
MALLOC_PRODUCTION=3D
# more /etc/src.conf
#CPP=3Dclang-cpp
#CC=3Dclang
#CXX=3Dclang++
#CFLAGS+=3D-DELF_VERBOSE
#WITH_DEBUG_FILES=3D
#WITHOUT_CLANG
=3D=3D=3D
Mark Millard
markmi at dsl-only.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EEF037EC-CFF2-4D4D-BB1B-0A0750E09C1F>