From owner-freebsd-bugs@freebsd.org Mon Dec 4 06:42:08 2017
Date: Mon, 4 Dec 2017 17:42:03 +1100 (EST)
From: Bruce Evans
To: Bruce Evans
cc: freebsd-bugs@freebsd.org
Subject: Re: [Bug 224069] (Fix included) Use of uninitalized register value in vesa.ko, causing X, text console and suspend/resume to fail
In-Reply-To: <20171204124654.G1571@besplex.bde.org>
Message-ID: <20171204171239.W2345@besplex.bde.org>
References: <20171204124654.G1571@besplex.bde.org>

On Mon, 4 Dec 2017, Bruce Evans wrote:

> On Mon, 4 Dec 2017 a bug that doesn't want replies@freebsd.org wrote:
>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224069
> ...
> I spent days looking for bugs near here. Unfortunately, removing the
> commenting out doesn't fix them, since it has no effect except to undo the
> silly optimization.
> ...
> With at least Haswell video, vm86 crashes with invalid memory references.
> Tracing showed what looked like bad BIOS bugs (the BIOS sometimes uses
> 64-bit pointers with garbage in the top 32 bits). I suspected buffer
> overruns from bad sizes near the bug in this PR, but everything seemed
> to be OK. I must have checked that DL was correctly initialized for this.
> My changes somehow avoid these crashes. Resume just never worked with
> Haswell video. On amd64, there are no crashes, but the BIOS calls are too
> hard to debug using tracing; they take too many instructions. Resume
> works for everything except video on my Haswell desktop system.

I made a little progress:

- I checked that DL is initialized to 0.
- The crash in vm86 is only in debugging code that optionally tries to do
  the same save/load as suspend/resume. This crashes in save. However,
  when the state to save is changed from 0xf to 0x7, save/load seems to
  work (the saved state seems to be correct and reloading it has no
  effect. I should try a mode change in between to verify its effect).
  The 0x08 bit is most important for resume. It saves the SVGA state,
  which is much larger (state 0x7 has size 0x3c0, mainly for the palette,
  and state 0xf has size 0x1a00).
- The same saves at suspend time fail without saving anything or
  crashing. Load at suspend time is then not attempted.
- If state 0x7 is saved early and returned later instead of failing in
  suspend, then loading it in resume doesn't fail, but has no effect.

That was on i386. On amd64:

- Save/load of state 0xf now works correctly early.
- Everything else behaves as on i386, except the early save of state 0xf
  can now be used for resume.

Bruce