Date: Wed, 6 Feb 2019 14:46:34 +0000
From: sc dying <sc.dying@gmail.com>
To: Oleg Ginzburg <olevole@olevole.ru>
Cc: freebsd-virtualization@freebsd.org, tech-kern@netbsd.org
Subject: Re: NetBSD 8.0/amd64+ bhyve (FreeBSD 12)+xhci = SIGSEGV
Message-ID: <CA%2B16Tw%2BCMs5X68LVUbJU3VX2cFFS42M-4MTA0ek3UiUGL9MvOA@mail.gmail.com>
In-Reply-To: <CAMsb%2Bmao2bN%2Bwxcf%2BODChPLUpABX%2Bdxq1KjQv%2BP-xjAG5AEvrg@mail.gmail.com>
References: <CAMsb%2Bmao2bN%2Bwxcf%2BODChPLUpABX%2Bdxq1KjQv%2BP-xjAG5AEvrg@mail.gmail.com>

On Tue, Sep 25, 2018 at 11:02 PM Oleg Ginzburg <olevole@olevole.ru> wrote:
>
> Hello. NetBSD works fine in bhyve, except for the case when the bhyve
> emulates eXtensible Host Controller Interface (xHCI) USB controller. (
> -s 30,xhci,tablet )
> Perhaps SIGSEGV of bhyve is caused by the abnormal behavior of xhci on
> the NetBSD guest, so I decided to write both mailing lists.
>
> LLDB output upon bhyve crash (guest screen: https://pasteboard.co/HFAqTOk.png ):
>
> https://github.com/freebsd/freebsd/blob/ebeb3285f598d6c1214c49598c951493d09e1067/usr.sbin/bhyve/pci_xhci.c#L735
>
> Process 57083 stopped
> * thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid
> address (fault address: 0x0)
>     frame #0: 0x00000000002587d8
> bhyve`pci_xhci_insert_event(sc=0x00000008010a5100,
> evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:735
>    732          rts = &sc->rtsregs;
>    733
>    734          erdp = rts->intrreg.erdp & ~0xF;
> -> 735          erdp_idx = (erdp -
> rts->erstba_p[rts->er_deq_seg].qwEvrsTablePtr) /
>    736                       sizeof(struct xhci_trb);
>    737
>    738          DPRINTF(("pci_xhci: insert event 0[%lx] 2[%x] 3[%x]\r\n"
> (lldb) frame variable erdp_idx
> (int) erdp_idx = 0
>
>
> in all likelihood, the problem in the rts->erstba_p structure because
> when I commenting 735 line ( erdp_idx is used only in DPRINTF debug
> output ) the next stop when working with this structure again, e.g:
>
> Process 58354 stopped
> * thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid
> address (fault address: 0x8)
>     frame #0: 0x0000000000258881
> bhyve`pci_xhci_insert_event(sc=0x00000008010a5100,
> evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:750
>    747          evtrbptr = &rts->erst_p[rts->er_enq_idx];
>    748
>    749          /* TODO: multi-segment table */
> -> 750          if (rts->er_events_cnt >= rts->erstba_p->dwEvrsTableSize) {
>    751                  DPRINTF(("pci_xhci[%d] cannot insert event;
> ring full\r\n",
>    752                           __LINE__));
>    753                  err = XHCI_TRB_ERROR_EV_RING_FULL;
>
>
> What can I do to find out the reasons for this behavior? Thanks!

bhyve initializes rts->erstba_p in pci_xhci_rtsregs_write() of bhyve/pci_xhci.c only when the higher 32 bits of ERSTBA (ERSTBA_HI) are written. NetBSD writes only the lower 32 bits of ERSTBA because the AC64 bit of hccparams1 is not set on bhyve. I think rts->erstba_p of bhyve is uninitialised for the NetBSD guest. bhyve should initialize rts->erstba_p when the lower 32 bits of ERSTBA are written, too.
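
A minimal C model of the register-write behaviour described in the reply above, added here as an illustration; it is not bhyve's code and not part of the original message. All names (rts_model, map_guest, store_half, write_erstba_*, insert_event) and the guest address 0x1000 are constructed assumptions. It contrasts mapping only on the high-dword write with mapping on either write, and has the consumer check the host pointer before dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model; every name is hypothetical, not taken from pci_xhci.c. */
struct erst_entry { uint64_t table_ptr; uint32_t table_size; uint32_t rsvd; };
struct rts_model { uint64_t erstba; struct erst_entry *erstba_p; }; /* GPA, host map */

static struct erst_entry guest_ram[1] = { { 0x2000, 16, 0 } }; /* constructed */

/* Stand-in for guest-physical to host translation; only 0x1000 is backed. */
static struct erst_entry *map_guest(uint64_t gpa)
{
    return gpa == 0x1000 ? guest_ram : NULL;
}

/* Store one 32-bit half of the 64-bit ERSTBA register. */
static void store_half(struct rts_model *r, int hi, uint32_t val)
{
    if (hi)
        r->erstba = (r->erstba & 0xffffffffULL) | ((uint64_t)val << 32);
    else
        r->erstba = (r->erstba & ~0xffffffffULL) | val;
}

/* Behaviour described in the reply: map only on the high-dword write. */
static void write_erstba_hi_only(struct rts_model *r, int hi, uint32_t val)
{
    store_half(r, hi, val);
    if (hi)
        r->erstba_p = map_guest(r->erstba);
}

/* Suggested behaviour: refresh the mapping after either half is written. */
static void write_erstba_both(struct rts_model *r, int hi, uint32_t val)
{
    store_half(r, hi, val);
    r->erstba_p = map_guest(r->erstba);
}

/* Defensive consumer: -1 if unmapped, 1 if ring full, 0 if there is room. */
static int insert_event(const struct rts_model *r, uint32_t events_cnt)
{
    if (r->erstba_p == NULL)
        return -1;
    return events_cnt >= r->erstba_p->table_size;
}

int main(void)
{
    struct rts_model r = { 0, NULL };
    write_erstba_both(&r, 0, 0x1000);   /* guest without AC64: low half only */
    return insert_event(&r, 0) == 0 ? 0 : 1;
}
```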