From owner-freebsd-x11@freebsd.org Thu Sep 3 22:59:19 2015 Return-Path: Delivered-To: freebsd-x11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00A7D9CA164 for ; Thu, 3 Sep 2015 22:59:19 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D93D7D27 for ; Thu, 3 Sep 2015 22:59:18 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t83MxIeD077518 for ; Thu, 3 Sep 2015 22:59:18 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-x11@FreeBSD.org Subject: [Bug 202643] x11/xorg: illegal instruction starting xorg in FreeBSD 10.2 in kvm/qemu virtulization Date: Thu, 03 Sep 2015 22:59:18 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: dim@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-x11@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: attachments.created Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-x11@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: X11 on FreeBSD -- maintaining and support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Sep 2015 22:59:19 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202643 --- Comment #19 from Dimitry Andric --- Created attachment 160694 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=160694&action=edit Disable SSE for hw/xfree86/os-support/misc/SlowBcopy.c This patch works for me, can the original submitters please try dropping it in /usr/ports/x11-servers/xorg-server/files, and then rebuilding and reinstalling /usr/ports/x11-servers/xorg-server? I think what is happening is the following: - Xorg calls the VESA driver's VESAScreenInit() function - VESAScreenInit() calls VESAMapVidMem(), which uses pci_device_map_legacy() to map PCI memory into pVesa->VGAbase - VESAScreenInit() later calls VESASaveRestore(), which in turn calls SaveFonts() - SaveFonts() (and its inverse RestoreFonts()) calls xf86SlowBcopy(), with pVesa->VGAbase as source address - For some reason, QEmu does not like copying from the just-mapped PCI memory using SSE instructions (e.g. movups) - QEmu throws either an illegal instruction exception, or some other exception (which causes either SIGILL or SIGBUS) I'm guessing that this is the whole reason for the existence of a "slow bcopy" function in X.org: the function attempts to "slowly" copy byte by byte, even inserting outb(0x80, 0x00) instructions in between, if the really_slow_bcopy flag is set. However, clang recognizes the "while (len--) *dst++ = *src++;" idiom, and replaces this with SSE, which leads to QEmu throwing a fit, as described above. Note that this may very well also occur with newer gcc versions, since those will probably also transform copying loops into SSE. In any case, to make the "slow bcopy" really slow again, and avoid QEmu blowing up, I've added -mno-sse to the CFLAGS for the SlowBcopy.c file. (This flag is only needed on x86, btw.) The resulting assembly does not use SSE anymore, but just old-fashioned byte by byte copying: 0000000000000010 : [...] 47: 85 c9 test %ecx,%ecx 49: 74 15 je 60 4b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 50: ff c9 dec %ecx 52: 8a 07 mov (%rdi),%al 54: 48 8d 7f 01 lea 0x1(%rdi),%rdi 58: 88 06 mov %al,(%rsi) 5a: 48 8d 76 01 lea 0x1(%rsi),%rsi 5e: 75 f0 jne 50 60: 5d pop %rbp 61: c3 retq -- You are receiving this mail because: You are the assignee for the bug.