From: Andrew Fish <afish@apple.com>
To: Liu Yu
Cc: Jordan Justen, ruiyu.ni@intel.com, edk2-devel@lists.01.org
Date: Sun, 18 Nov 2018 14:37:09 -0800
Message-id: <81FDCF97-4145-4A7D-93B9-70A4D8B505FF@apple.com>
References: <154253322290.3729.10762860453718631884@jljusten-skl>
Subject: Re: EmulatorPkg Unix Host Segmentation fault.
> On Nov 18, 2018, at 4:07 AM, Liu Yu wrote:
>
> Sorry, your patch can't fix this issue if this patch just turns off the
> optimization option within sec.c, not the global project.
>
> I have tested different GCC versions (GCC 4.8, GCC 5.x, GCC 7.x)
> and all of them can duplicate this issue (Ubuntu 16.04, 16.10, 18.04).
>
> I have traced this issue by hand.
>
> You can see Dispatcher.c (MdeModulePkg/Pei/Dispatcher/) line 792:
>
>
> 790   if (StackOffsetPositive) {
> 791     SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID *)SecCoreData + StackOffset);
> 792     Private = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + StackOffset);
> 793   } else {
> 794     ..........
> 795     ..........
> 796   }
>
> Lines 790--792, disassembled:
>
> 0x10200f2ca : test %r14b,%r14b
> 0x10200f2cd : je 0x10200f2df
> 0x10200f2cf : mov 0x38(%rsp),%rax
> 0x10200f2d4 : lea 0x0(%rbp,%rax,1),%r14
> 0x10200f2d9 : lea (%rbx,%rax,1),%rbp
>
> We can see the Private value has been stored in %rbp (the rbp register is
> used as a general register), so when we call
> TemporaryRamSupportPpi->TemporaryRamMigration()
>

The calling conventions define RBP as non-volatile; it must be preserved by the callee. Using RBP as the frame pointer is optional.

Is it possible the assembly coder is assuming RBP is a frame pointer? That would imply for gcc/clang the correct answer would be to have compiler flags force frame pointer usage?

Assuming -O0 does something seems like we are matching an implementation at a given point in time. I'd rather force the frame pointer usage (that is optional in the ABI) if that fixes the RBP usage assumption.
I guess the other option would be to have different assembler depending on whether the compiler is using frame pointers or not, and I don't think we have that concept.

Given this is the common frame pointer pattern:

pushq %rbp
movq %rsp, %rbp
...
popq %rbp
retq

It follows the calling convention rules even if the frame pointer is not in general use. Thus it only seems like you would hit issues when you move the stack around.

Thanks,

Andrew Fish

PS Xcode clang always emits the frame pointer.

> this function would modify the rbp value because it treats rbp as the "stack base
> address".
>
> 816   MigrateMemoryPages (Private, TRUE);
>
> // The Private pointer now points to another address, so this function would get a
> NULL pointer that results in a segmentation fault
>
> I think we can turn off optimization options like this.
>
> 1. modify EmulatorPkg.dsc
>
> MdeModulePkg/Core/Pei/PeiMain.inf {
>   <BuildOptions>
>     GCC:*_*_*_CC_FLAGS = -O0
> }
>
> Reference GCC Manual description:
>
> -O also turns on -fomit-frame-pointer on machines where doing so does
> not interfere with debugging.
>
>
>
> On 2018/11/18 5:27 PM, Jordan Justen wrote:
>> On 2018-11-17 20:51:11, Liu Yu wrote:
>>> OS: Ubuntu
>>>
>>> Toolchain: GCC48
>> I don't have gcc-4.8, so I couldn't reproduce the issue, but I wonder
>> if this branch can fix the issue for you?
>>
>> https://github.com/jljusten/edk2/tree/emulator-temp-ram
>>
>> You can fetch this branch locally to a branch named `test` with a
>> command like this:
>>
>> $ git fetch --no-tags https://github.com/jljusten/edk2.git emulator-temp-ram:test
>>
>> Then checkout the `test` branch to try it.
>>
>> First, there are some patches to clean up Sec, but then I added a patch:
>>
>> 53a432e149 "EmulatorPkg/Sec: Disable optimizations for TemporaryRamMigration function"
>>
>> Which I hope might help in your case.
>>
>> -Jordan
>>
>>> Issue Description :
>>>
>>> Program received signal SIGSEGV, Segmentation fault.
>>> at /home/pedroa/workspace/orign/edkcrb/MdeModulePkg/Core/Pei/Memory/MemoryServices.c:129
>>> 129   Private->MemoryPages.Size = (UINTN) (Private->HobList.HandoffInformationTable->EfiMemoryTop -
>>>
>>>
>>> If a GCC optimization option other than -O0 is used, the "rbp" register will be used as a "general register".
>>>
>>> In the SecTemporaryRamSupport function, shown below, this function will modify the rbp value (as a general register, not the stack base address pointer), which results in the program crash.
>>>
>>> ASM_PFX(SecTemporaryRamSupport):
>>>   // Adjust callers %rbp to account for stack move
>>>   subq %rdx, %rbp  // Calc offset of %rbp in Temp Memory
>>>   addq %r8, %rbp   // add in permanent base to offset
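The two checks below are an added example written for this archive page; they are not EDK2 code and not the words or code of Andrew Fish, Jordan Justen or Liu Yu. The first does the temporary-to-permanent RAM move of the quoted Dispatcher.c snippet in plain C, rebasing only pointers that actually lie inside the moved block, so nothing depends on which register happens to hold `Private`. The second inspects a function's first instruction bytes for the `pushq %rbp; movq %rsp, %rbp` prologue quoted above, which is the assumption a build could verify before trusting assembly that edits the caller's RBP. `private_t`, `migrate_pointer`, `migrate_private`, `has_frame_pointer_prologue`, the two probe functions and the 256-byte sample block are this example's own assumptions (`private_t` is only a stand-in for the `PEI_CORE_INSTANCE` the thread mentions); `-fno-omit-frame-pointer` is the GCC/clang flag that forces frame pointer usage.

```c
/* Added example, not EDK2 code; names, layout and sample block are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a PEI_CORE_INSTANCE-like record kept in
 * temporary RAM that holds pointers back into that same temporary RAM. */
typedef struct {
    uint32_t *counter;    /* inside the temporary block */
    const char *name;     /* inside the temporary block */
    const char *constant; /* outside the block (a ROM string): must not move */
} private_t;

/* C form of "subq %rdx,%rbp; addq %r8,%rbp", applied only when p really lies
 * in [temp_base, temp_base + size); anything else comes back unchanged, so a
 * second application, or one to a non-temp-RAM value, cannot corrupt it. */
uintptr_t migrate_pointer(uintptr_t p, uintptr_t temp_base, size_t size, uintptr_t perm_base)
{
    return (p >= temp_base && p < temp_base + size) ? p - temp_base + perm_base : p;
}

/* Copy the temporary block to permanent memory and rebase the pointers held
 * in the private_t at its start; returns the relocated record. */
private_t *migrate_private(unsigned char *temp, size_t size, unsigned char *perm)
{
    uintptr_t tb = (uintptr_t)temp, pb = (uintptr_t)perm;
    private_t *np = (private_t *)perm;
    memcpy(perm, temp, size);
    np->counter  = (uint32_t *)migrate_pointer((uintptr_t)np->counter, tb, size, pb);
    np->name     = (const char *)migrate_pointer((uintptr_t)np->name, tb, size, pb);
    np->constant = (const char *)migrate_pointer((uintptr_t)np->constant, tb, size, pb);
    return np;
}

/* Does fn begin with the x86-64 frame-pointer prologue, optionally preceded by
 * endbr64? 1 = yes, 0 = no, -1 = not an x86-64 build (check not applicable). */
int has_frame_pointer_prologue(const void *fn)
{
#if defined(__x86_64__)
    static const unsigned char endbr64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };
    const unsigned char *b = (const unsigned char *)fn;
    if (memcmp(b, endbr64, sizeof endbr64) == 0)
        b += sizeof endbr64;
    /* 55 = push %rbp ; 48 89 e5 = mov %rsp,%rbp */
    return (b[0] == 0x55 && b[1] == 0x48 && b[2] == 0x89 && b[3] == 0xe5) ? 1 : 0;
#else
    return -1;
#endif
}

/* Probe forced to keep its frame pointer at any -O level (clang has no
 * per-function frame-pointer switch, so there it is built unoptimized). */
#if defined(__clang__)
__attribute__((noinline, optnone))
#elif defined(__GNUC__)
__attribute__((noinline, optimize("no-omit-frame-pointer")))
#endif
int probe_forced_frame_pointer(int x)
{
    volatile int y = x + 1; /* volatile keeps a real stack frame */
    return y * 2;
}

/* Same body under the file's own flags: with GCC, -O2 implies
 * -fomit-frame-pointer and this prologue disappears unless
 * -fno-omit-frame-pointer is also given. */
int probe_default_flags(int x)
{
    volatile int y = x + 1;
    return y * 2;
}

/* Constructed sample: a 256-byte block whose record points at its own offsets
 * 64 and 128 and at one string outside it. Returns 1 when every pointer lands
 * where it should after the move, 0 otherwise. */
int demo_migration(void)
{
    static union { private_t rec; unsigned char bytes[256]; } temp_ram, perm_ram;
    static const char rom_string[] = "rom-string";
    private_t *np;
    *(uint32_t *)(temp_ram.bytes + 64) = 42;
    strcpy((char *)temp_ram.bytes + 128, "temp-ram");
    temp_ram.rec.counter = (uint32_t *)(temp_ram.bytes + 64);
    temp_ram.rec.name = (const char *)(temp_ram.bytes + 128);
    temp_ram.rec.constant = rom_string;
    np = migrate_private(temp_ram.bytes, sizeof temp_ram.bytes, perm_ram.bytes);
    return np->counter == (uint32_t *)(perm_ram.bytes + 64) && *np->counter == 42
        && np->name == (const char *)(perm_ram.bytes + 128)
        && strcmp(np->name, "temp-ram") == 0 && np->constant == rom_string;
}

int main(void)
{
    printf("migration ok: %d\n", demo_migration());
    printf("forced probe prologue: %d, default-flags probe prologue: %d\n",
           has_frame_pointer_prologue((const void *)probe_forced_frame_pointer),
           has_frame_pointer_prologue((const void *)probe_default_flags));
    return 0;
}
```

Built with GCC at -O2, the forced probe reports 1 and the default-flags probe reports 0, which is the situation Liu Yu hit; adding -fno-omit-frame-pointer (or building at -O0) makes both report 1. Pointing has_frame_pointer_prologue at the real caller of the migration routine, built with the project's actual flags, turns the frame-pointer assumption in the assembly into something the build can check rather than something it relies on silently; the range guard in migrate_pointer is the C-side equivalent, since it refuses to adjust anything that was never a temp-RAM address.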