From: Jiri Slaby
To: devel@edk2.groups.io
Date: Thu, 19 May 2022 07:43:12 +0200
Subject: ovmf miscompiles with gcc-12
Message-ID: <887c3f4f-c279-bd59-d92d-25922faae6dc@kernel.org>

Hi,

we discovered that qemu-ovmf-x86_64 doesn't start when compiled using gcc-12. Originally reported as:
https://bugzilla.suse.com/show_bug.cgi?id=1199597

I run qemu as:
qemu-kvm -drive file=/dev/null,format=raw -drive if=pflash,format=raw,unit=0,readonly=on,file=OVMF.fd -m 3000

The platform repeatedly resets after TemporaryRamMigration as can be seen in the debuglog:
https://bugzilla.suse.com/attachment.cgi?id=858969

The reason is TemporaryRamMigration() overwrites rbp unconditionally -- it adds an offset to rbp even if rbp is NOT used as a frame pointer (-fomit-frame-pointer was always used for compilation here). So commenting out:
> //JumpBuffer.Rbp = JumpBuffer.Rbp + DebugAgentContext.StackMigrateOffset;
makes it all work again.

Also marking TemporaryRamMigration() as:
__attribute__((optimize("-fno-omit-frame-pointer")))
works around the problem too. (But that doesn't guarantee anything.)

The code is:
> if (SetJump (&JumpBuffer) == 0) {
>   #if defined (MDE_CPU_IA32)
>   JumpBuffer.Esp = JumpBuffer.Esp + DebugAgentContext.StackMigrateOffset;
>   JumpBuffer.Ebp = JumpBuffer.Ebp + DebugAgentContext.StackMigrateOffset;
>   #endif
>   #if defined (MDE_CPU_X64)
>   JumpBuffer.Rsp = JumpBuffer.Rsp + DebugAgentContext.StackMigrateOffset;
>   JumpBuffer.Rbp = JumpBuffer.Rbp + DebugAgentContext.StackMigrateOffset;
>   #endif
>   LongJump (&JumpBuffer, (UINTN)-1);
> }

It was only a coincidence that this ever worked -- gcc-11 omits the frame pointer too, but apparently the caller (PeiCheckAndSwitchStack) does not use rbp.

PeiCheckAndSwitchStack() (gcc-12):
> 79a6: 4c 29 fd          sub    %r15,%rbp        <------ used rbp
> 79a9: 4d 29 fe          sub    %r15,%r14
> 79ac: 48 83 ec 20       sub    $0x20,%rsp
> 79b0: 4d 89 e0          mov    %r12,%r8
> 79b3: 48 8d 4b 08       lea    0x8(%rbx),%rcx
> 79b7: 48 8b 44 24 50    mov    0x50(%rsp),%rax
> 79bc: 48 8b 54 24 20    mov    0x20(%rsp),%rdx
> 79c1: 4d 29 e8          sub    %r13,%r8
> 79c4: 4c 8b 4c 24 30    mov    0x30(%rsp),%r9
> 79c9: ff 10             call   *(%rax)          <----------- call to TemporaryRamMigration
> 79cb: 48 83 c4 20       add    $0x20,%rsp
> 79cf: be 01 00 00 00    mov    $0x1,%esi
> 79d4: 4c 89 f7          mov    %r14,%rdi
> 79d7: e8 f4 a8 ff ff    call   22d0
> 79dc: 48 83 ec 20       sub    $0x20,%rsp
> 79e0: 4d 89 f0          mov    %r14,%r8
> 79e3: 31 d2             xor    %edx,%edx
> 79e5: 48 89 e9          mov    %rbp,%rcx        <------ rbp used

gcc-11 seems to copy rbp to r8 first and operates on r8 there instead.

Now, what is the right way to fix this? Do the SetJump/LongJump in assembly and wrap it into push rbp/pop rbp?

thanks,
-- 
js
suse labs
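An added check, not part of the mail above nor of edk2, for the condition it describes: parse `objdump -d` output of the caller and report whether rbp is read after an indirect call without having been redefined first (the gcc-12 pattern quoted above), and whether the function ever sets rbp up as a frame pointer, in which case the offset adjustment in TemporaryRamMigration is the intended behaviour. The sample input is the gcc-12 PeiCheckAndSwitchStack excerpt from the mail, retyped without the arrow annotations; the mov/lea/pop write heuristic is an assumption.

```python
import re
# Sample input: the gcc-12 PeiCheckAndSwitchStack excerpt quoted in the mail, annotations removed.
GCC12_SNIPPET = """\
79a6: 4c 29 fd        sub    %r15,%rbp
79a9: 4d 29 fe        sub    %r15,%r14
79ac: 48 83 ec 20     sub    $0x20,%rsp
79b0: 4d 89 e0        mov    %r12,%r8
79b3: 48 8d 4b 08     lea    0x8(%rbx),%rcx
79b7: 48 8b 44 24 50  mov    0x50(%rsp),%rax
79bc: 48 8b 54 24 20  mov    0x20(%rsp),%rdx
79c1: 4d 29 e8        sub    %r13,%r8
79c4: 4c 8b 4c 24 30  mov    0x30(%rsp),%r9
79c9: ff 10           call   *(%rax)
79cb: 48 83 c4 20     add    $0x20,%rsp
79cf: be 01 00 00 00  mov    $0x1,%esi
79d4: 4c 89 f7        mov    %r14,%rdi
79d7: e8 f4 a8 ff ff  call   22d0
79dc: 48 83 ec 20     sub    $0x20,%rsp
79e0: 4d 89 f0        mov    %r14,%r8
79e3: 31 d2           xor    %edx,%edx
79e5: 48 89 e9        mov    %rbp,%rcx
"""
# address: opcode bytes  mnemonic  operands (AT&T syntax as printed by objdump -d)
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s+)+(\S+)\s*(.*?)\s*$")

def parse_objdump(text):
    """Return (address, mnemonic, operands) for every instruction line in text."""
    matches = (INSN_RE.match(line) for line in text.splitlines())
    return [(int(m[1], 16), m[2], m[3]) for m in matches if m]

def uses_frame_pointer(insns):
    """True if the function establishes rbp as a frame pointer (mov %rsp,%rbp)."""
    return any(mn == "mov" and ops == "%rsp,%rbp" for _, mn, ops in insns)

def rbp_read_after_indirect_call(insns):
    """(call address, reader address) for each indirect call followed by a read of
    %rbp before any redefinition. Heuristic (assumption): mov/lea/pop with %rbp as
    the whole destination operand is a write; any other mention of %rbp is a read."""
    hits = []
    for i, (addr, mn, ops) in enumerate(insns):
        if not mn.startswith("call") or not ops.startswith("*"):
            continue
        for addr2, mn2, ops2 in insns[i + 1:]:
            if "%rbp" not in ops2:
                continue
            if mn2 in ("mov", "lea", "pop") and ops2.rsplit(",", 1)[-1] == "%rbp":
                break          # rbp redefined: the value the callee clobbered is dead
            hits.append((addr, addr2))  # rbp consumed with the callee-modified value
            break
    return hits
```

A non-empty result from rbp_read_after_indirect_call together with uses_frame_pointer returning False is exactly the gcc-12 situation in the mail: the caller keeps a live value in rbp across the call, and TemporaryRamMigration's unconditional Rbp adjustment corrupts it.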