Problems with l4linux
Adam Lackorzynski
adam at os.inf.tu-dresden.de
Sun Nov 2 15:49:04 CET 2008
On Wed Oct 29, 2008 at 16:25:49 +1300, Valery V. Sedletski wrote:
> On Tue, 28 Oct 2008 17:48:44 +0100, Adam Lackorzynski wrote:
>
> >> >Rather not. Can you tell me at which position the f.2 is in user-land?
> >> >That would be interesting.
> >> >
> >>
> >> This is the result of executing "tf.2" in kernel debugger:
> >>
> >> thread: f.02 <001e0801> prio: a0 mcp: ff mode: Con
> >> state: 001 ready %dl
> >> 001e0804 into
> >> wait for: polling: rcv descr:
> >> lcked by: ---.-- timeout :
> >> cpu time: 2.000 ms timeslice: 4000/10000 µs
> >> pager : f.00 cap: ---.-- utcb: ffe34200
> >> preemptr: 0.00 not monitored ready lnk: ???.?? 5.00
> >> prsnt lnk: f.04 f.00
> >> EAX=00000000 ESI=001e0801 DS=0023
> >> EBX=a0051454 EDI=00000000 ES=0023 iret
> >> ECX=0000000d EBP=afeffe40 GS=0043 lea 0x0(%esi),%esi
> >> EDX=afeffe58 ESP=c03c17ec SS=0010
> >> trap 13 (General Protection), error 00000070, from kernel mode
> >> CS=0008 EIP=f003622b EFlags=00203246
> >> 001e0815 cli
> >> c03c17ec f003622b 00000008 00203246 [eacff102] 00000073 00203296 afeffe00 0000007b
> >> 001e0818 into
> >>
> >> the [eacff102] dword was highlighted in backtrace. So, as I understood
> >> this, this marks current stack frame. Here we see that previous stack
> >> frame is ip=0xf003622b, cs=0x8, eflags=0x00203246 is respectively ip,
> >> cs and eflags taken off from the stack by previous iret instruction.
> >> Current iret must take off the next frame: eip=0xeacff102, cs=0x73,
> >> eflags=0x00203296. Here we can see that selector cs=0x73 is ring3 and
> >> eip is 0xeacff102.
> >
> >Yep, ok, cs value is bogus. Now we need to find out why, cs should be
> >1b. (8 is kernel code, so ok.) Maybe I find the time to reproduce this
> >but on the other side it does not happen when the IOPL3 option is off,
> >right?
> >
>
> CS is incorrect? That's why it traps... I tried to set breakpoint before TRAP d in linux
> (in ioport.c when it writes "Got %d out of %d I/O ports") -- set "-wait" in fiasco command
> line and when it broke in kernel debugger after fiasco started, tried to set breakpoint:
>
> bi addr=4054ec
> b+ bpn=1
> br bpn=1 task=f
>
> But after I said "g" in the debugger it didn't stopped at the breakpoint, only broke in TRAP d. What I do incorrectly?
> Maybe, bi addr=4054ec sets the breakpoint at phys address, not to linear of task f? How then I can
> set to linear (or convert linear to physical?).
Breakpoint addresses are virtual.
Anyway, I found the reason. L4Linux had so much privileges that it was
able able to write MSRs which allowed it to setup the Sysenter-MSRs.
Normally this is trapped and handled. The kernel allows writing MSRs for
special purpose stuff, this was triggered here. The wrmsr's are in
enable_sep_cpu in arch/x86/vdso/vdso32-setup.c, if you comment them out
it should work.
> >> >> >I guess not. Which address? Anyway, I guess it should ioremap those...
> >> >> >
> >> ....
> >> >
> >> >Some of those addresses are quite low but unfortunately I don't have an
> >> >idea what they're used for.
> >> >
> >>
> >> The Cardbus controller uses these addresses, according to windows Device manager:
> >>
> >> 0xb8008000-0xb8008fff
> >> 0xfebff000-0xfebfffff
> >> 0xfabff000-0xfebfefff
> >> 0x000db000-0x000dbfff
> >>
> >> and modem itself uses none, only i/o and irq
> >>
> >> Also, I searched logs and found that piece:
> >>
> >> Oct 21 04:54:14 localhost kernel: Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing enabled
> >> Oct 21 04:54:14 localhost kernel: cs: memory probe 0xb8000000-0xb80fffff: l4x ioremap: Requested region at b8010000 [0x1000
> >> Bytes]
> >> Oct 21 04:54:14 localhost kernel: cs: memory probe 0x70000000-0x700fffff: excluding 0x70000000-0x700fffff
> >> Oct 21 04:54:14 localhost kernel: cs: warning: no high memory space available!
> >>
> >> (This was in the log with info level (there are also error and warning levels)), so, as I understood, this is not fatal.
> >> Also here are ioremaps, so, they are present.
> >
> >Looks like this stuff is doing someting quite special, at least when
> >looking at the code that is producing those log lines. I fear it's not
> >easily doable to get this going.
> >
>
> Hmm... Sad. -- I wanted to experiment with it while the inet access
> working, but I turns that I can't. But interestingly, bluetooth
> comport is working and GPRS access to internet through it either. So,
> I could try this through bluetooth and my phone, if not PCMCIA. Bad
> but not worst ;) Anyway, I can try pcmcia modem again when TRAP d will
> be resolved, a warning with High memory access may be not so important
> and it will work. Or not?
I would guess not.
> PS:
> I searched L4linux sources for string "no high memory space" and found
> nothing. Strange. Could you point me where it is, please?
It's in drivers/pcmcia/rsrc_nonstatic.c:434
Adam
--
Adam adam at os.inf.tu-dresden.de
Lackorzynski http://os.inf.tu-dresden.de/~adam/
More information about the l4-hackers
mailing list