Re: EmulatorPkg Unix Host Segmentation fault.

From: Liu Yu <pedroa.liu@outlook.com>
To: Jordan Justen <jordan.l.justen@intel.com>,
	"afish@apple.com" <afish@apple.com>,
	"ruiyu.ni@intel.com" <ruiyu.ni@intel.com>
Cc: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Subject: Re: EmulatorPkg Unix Host Segmentation fault.
Date: Sun, 18 Nov 2018 12:07:36 +0000	[thread overview]
Message-ID: <TY2PR02MB283107D99637038D2F5129E78FDF0@TY2PR02MB2831.apcprd02.prod.outlook.com> (raw)
In-Reply-To: <154253322290.3729.10762860453718631884@jljusten-skl>

sorry your  path can't fix this issue.   if this path just turn off 
optimization option within sec.c not global project.

I have tested different version GCC such as (GCC4,8, GCC5.x, GCC7.x)  
and all of them can duplicate this issue  (Ubuntu 16.04, 16.10,18.04 )

I have traced this issue on my hand.

you can see Dispatcher.c (MdeModulePkg/Pei/DIspatcher/) Line 792:

790      if (StackOffsetPositive) {
791       SecCoreData = (CONST EFI_SEC_PEI_HAND_OFF *)((UINTN)(VOID 
*)SecCoreData + StackOffset);
792      Private = (PEI_CORE_INSTANCE *)((UINTN)(VOID *)Private + 
StackOffset);
793     } else {
794      ..........
795      ..........
796    }

  790 --792 disassembly code

  0x10200f2ca <PeiCheckAndSwitchStack+1030>:    test %r14b,%r14b
  0x10200f2cd <PeiCheckAndSwitchStack+1033>:    je 0x10200f2df 
<PeiCheckAndSwitchStack+1051>
  0x10200f2cf <PeiCheckAndSwitchStack+1035>:    mov 0x38(%rsp),%rax
  0x10200f2d4 <PeiCheckAndSwitchStack+1040>:    lea 0x0(%rbp,%rax,1),%r14
  0x10200f2d9 <PeiCheckAndSwitchStack+1045>:    lea (%rbx,%rax,1),%rbp

  we can see Private value have been stored in %rbp  (rbp register be 
used as general register )   so when call 
TemporaryRamSupportPpi->TemporaryRamMigration()

this function would modify rbp value because it treat rbp as "stack base 
address ".

816     MigrateMemoryPages (Private, TRUE);

// Private pointer point to other address, so this function would get a 
NULL pointer that result in segment fault

I think we can turn off optimization options like this.

1. modify  EmulatorPkg.dsc

       MdeModulePkg/Core/Pei/PeiMain.inf {
          <BuildOptions>
           GCC:*_*_*_CC_FLAGS = -O0
   }

Reference GCC Manual description:

   -O also turns on -fomit-frame-pointer on machines where doing so does 
not interfere with debugging.

在 2018/11/18 下午5:27, Jordan Justen 写道:
> On 2018-11-17 20:51:11, Liu Yu wrote:
>> OS: Ubuntu
>>
>> Toolchain:GCC48
> I don't have gcc-4.8, so I couldn't reproduce the issue, but I wonder
> if this branch can fix the issue for you?
>
> https://github.com/jljusten/edk2/tree/emulator-temp-ram
>
> You can fetch this branch locally to a branch named `test` with a
> command like this:
>
> $ git fetch --no-tags https://github.com/jljusten/edk2.git emulator-temp-ram:test
>
> Then checkout the `test` branch to try it.
>
> First, there is some patches to cleanup Sec, but then I added a patch:
>
> 53a432e149 "EmulatorPkg/Sec: Disable optimizations for TemporaryRamMigration function"
>
> Which I hope might help in your case.
>
> -Jordan
>
>> Issue Description :
>>
>>    Program received signal SIGSEGV, Segmentation fault.
>>     at /home/pedroa/workspace/orign/edkcrb/MdeModulePkg/Core/Pei/Memory/MemoryServices.c:129
>> 129      Private->MemoryPages.Size = (UINTN) (Private->HobList.HandoffInformationTable->EfiMemoryTop -
>>
>>
>> if the GCC optimization option is used not -O0 so the "rbp" register will be used as "general register"
>>
>> in the SecTemporaryRamSupport function as below, this function will modify the rbp (as general register not stack base address pointer)value that result in program crash.
>>
>> ASM_PFX(SecTemporaryRamSupport):
>>    // Adjust callers %rbp to account for stack move
>>    subq    %rdx, %rbp     // Calc offset of %rbp in Temp Memory
>>    addq    %r8,  %rbp     // add in permanent base to offset
>>
>> _______________________________________________
>> edk2-devel mailing list
>> edk2-devel@lists.01.org
>> https://lists.01.org/mailman/listinfo/edk2-devel