NetBSD 8.0/amd64+ bhyve (FreeBSD 12)+xhci = SIGSEGV

Oleg Ginzburg
Hello. NetBSD works fine in bhyve, except when bhyve emulates an
eXtensible Host Controller Interface (xHCI) USB controller
( -s 30,xhci,tablet ).
Perhaps the SIGSEGV of bhyve is caused by abnormal behavior of xhci on
the NetBSD guest, so I decided to write to both mailing lists.

LLDB output upon bhyve crash (guest screen: https://pasteboard.co/HFAqTOk.png ):

https://github.com/freebsd/freebsd/blob/ebeb3285f598d6c1214c49598c951493d09e1067/usr.sbin/bhyve/pci_xhci.c#L735

Process 57083 stopped
* thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
    frame #0: 0x00000000002587d8 bhyve`pci_xhci_insert_event(sc=0x00000008010a5100, evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:735
   732          rts = &sc->rtsregs;
   733
   734          erdp = rts->intrreg.erdp & ~0xF;
-> 735          erdp_idx = (erdp - rts->erstba_p[rts->er_deq_seg].qwEvrsTablePtr) /
   736                     sizeof(struct xhci_trb);
   737
   738          DPRINTF(("pci_xhci: insert event 0[%lx] 2[%x] 3[%x]\r\n"
(lldb) frame variable erdp_idx
(int) erdp_idx = 0


In all likelihood, the problem is in the rts->erstba_p structure, because
when I comment out line 735 (erdp_idx is used only in DPRINTF debug
output) the next stop occurs when working with this structure again, e.g.:

Process 58354 stopped
* thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0x8)
    frame #0: 0x0000000000258881 bhyve`pci_xhci_insert_event(sc=0x00000008010a5100, evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:750
   747          evtrbptr = &rts->erst_p[rts->er_enq_idx];
   748
   749          /* TODO: multi-segment table */
-> 750          if (rts->er_events_cnt >= rts->erstba_p->dwEvrsTableSize) {
   751                  DPRINTF(("pci_xhci[%d] cannot insert event; ring full\r\n",
   752                           __LINE__));
   753                  err = XHCI_TRB_ERROR_EV_RING_FULL;


What can I do to find out the reasons for this behavior? Thanks!
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "[hidden email]"
Re: NetBSD 8.0/amd64+ bhyve (FreeBSD 12)+xhci = SIGSEGV

sc dying
On Tue, Sep 25, 2018 at 11:02 PM Oleg Ginzburg <[hidden email]> wrote:

>
> Hello. NetBSD works fine in bhyve, except when bhyve emulates an
> eXtensible Host Controller Interface (xHCI) USB controller
> ( -s 30,xhci,tablet ).
> Perhaps the SIGSEGV of bhyve is caused by abnormal behavior of xhci on
> the NetBSD guest, so I decided to write to both mailing lists.
>
> LLDB output upon bhyve crash (guest screen: https://pasteboard.co/HFAqTOk.png ):
>
> https://github.com/freebsd/freebsd/blob/ebeb3285f598d6c1214c49598c951493d09e1067/usr.sbin/bhyve/pci_xhci.c#L735
>
> Process 57083 stopped
> * thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
>     frame #0: 0x00000000002587d8 bhyve`pci_xhci_insert_event(sc=0x00000008010a5100, evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:735
>    732          rts = &sc->rtsregs;
>    733
>    734          erdp = rts->intrreg.erdp & ~0xF;
> -> 735          erdp_idx = (erdp - rts->erstba_p[rts->er_deq_seg].qwEvrsTablePtr) /
>    736                     sizeof(struct xhci_trb);
>    737
>    738          DPRINTF(("pci_xhci: insert event 0[%lx] 2[%x] 3[%x]\r\n"
> (lldb) frame variable erdp_idx
> (int) erdp_idx = 0
>
>
> In all likelihood, the problem is in the rts->erstba_p structure, because
> when I comment out line 735 (erdp_idx is used only in DPRINTF debug
> output) the next stop occurs when working with this structure again, e.g.:
>
> Process 58354 stopped
> * thread #20, name = 'vcpu 0', stop reason = signal SIGSEGV: invalid address (fault address: 0x8)
>     frame #0: 0x0000000000258881 bhyve`pci_xhci_insert_event(sc=0x00000008010a5100, evtrb=0x00007fffddbeba78, do_intr=0) at pci_xhci.c:750
>    747          evtrbptr = &rts->erst_p[rts->er_enq_idx];
>    748
>    749          /* TODO: multi-segment table */
> -> 750          if (rts->er_events_cnt >= rts->erstba_p->dwEvrsTableSize) {
>    751                  DPRINTF(("pci_xhci[%d] cannot insert event; ring full\r\n",
>    752                           __LINE__));
>    753                  err = XHCI_TRB_ERROR_EV_RING_FULL;
>
>
> What can I do to find out the reasons for this behavior? Thanks!

bhyve initializes rts->erstba_p in pci_xhci_rtsregs_write() of
bhyve/pci_xhci.c only when the higher 32 bits of ERSTBA (ERSTBA_HI)
are written.
NetBSD writes only the lower 32 bits of ERSTBA because the AC64 bit of
hccparams1 is not set on bhyve.
I think rts->erstba_p of bhyve is uninitialised for the NetBSD guest.

bhyve should initialize rts->erstba_p when the lower 32 bits of
ERSTBA are written, too.
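
The initialization gap described in the reply above, as a simplified C model added here; it is not part of the original thread and not bhyve source. `struct rts_model`, `erstba_write()`, `gaddr()`, `low_only_guest()`, the `REG_*`/`EV_*` constants and the 1 KiB `guest_ram` are hypothetical, and unlike the code in the backtrace, `insert_event()` checks for an unmapped table instead of dereferencing it.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model constructed for illustration; not bhyve source. */
struct erst_entry { uint64_t qwEvrsTablePtr; uint32_t dwEvrsTableSize, dwRsvd; };
struct rts_model {
    uint64_t erstba;               /* ERSTBA register value */
    struct erst_entry *erstba_p;   /* host view of the table; NULL until mapped */
    uint32_t er_events_cnt;
};
enum { REG_ERSTBA_LO, REG_ERSTBA_HI };                 /* hypothetical ids */
enum { EV_OK = 0, EV_NOT_CONFIGURED = -1, EV_RING_FULL = -2 };
static struct erst_entry guest_ram[64];   /* constructed guest memory (1 KiB) */

/* Guest-physical to host pointer; NULL when outside the modelled memory. */
static struct erst_entry *gaddr(uint64_t gpa) {
    int ok = gpa % sizeof(guest_ram[0]) == 0 && gpa < sizeof(guest_ram);
    return ok ? &guest_ram[gpa / sizeof(guest_ram[0])] : NULL;
}

/* map_on_lo == 0: map only on the high-half write, as the reply describes. */
static void erstba_write(struct rts_model *r, int reg, uint32_t v, int map_on_lo) {
    if (reg == REG_ERSTBA_LO)
        r->erstba = (r->erstba & 0xFFFFFFFF00000000ULL) | (v & ~0x3FU);
    else
        r->erstba = ((uint64_t)v << 32) | (r->erstba & 0xFFFFFFFFULL);
    if (reg == REG_ERSTBA_HI || map_on_lo)
        r->erstba_p = gaddr(r->erstba);
}

static int insert_event(struct rts_model *r) {
    if (r->erstba_p == NULL)       /* table never mapped: report, do not deref */
        return EV_NOT_CONFIGURED;
    if (r->er_events_cnt >= r->erstba_p->dwEvrsTableSize)
        return EV_RING_FULL;
    r->er_events_cnt++;
    return EV_OK;
}

/* A guest that sees AC64 clear programs only the low 32 bits. */
static int low_only_guest(int map_on_lo) {
    struct rts_model r = {0};
    guest_ram[4].dwEvrsTableSize = 16;   /* guest's table at GPA 0x40 */
    erstba_write(&r, REG_ERSTBA_LO, 0x40, map_on_lo);
    return insert_event(&r);
}

int main(void) {
    printf("HI-only: %d, LO too: %d\n", low_only_guest(0), low_only_guest(1));
    return 0;
}
```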