Re: Lock up when faking MMIO read[bwl] on some machines [WAS: FakingMMIO ops? Fooling a driver]

From: RafaÅ MiÅecki
Date: Sat Jun 18 2011 - 10:44:02 EST

Next message: Randy Dunlap: "Re: [PATCH] TMPFS: Expand "help" to explain value ofTMPFS_POSIX_ACL"
Previous message: Arnd Bergmann: "Re: [Bug 37682] New: Kernel mis-detects size/position of partition created with Seagate DiscWizard (OnTrack Disk Manager)"
In reply to: RafaÅ MiÅecki: "Re: Lock up when faking MMIO read[bwl] on some machines [WAS: FakingMMIO ops? Fooling a driver]"
Next in thread: RafaÅ MiÅecki: "Re: Lock up when faking MMIO read[bwl] on some machines [WAS: FakingMMIO ops? Fooling a driver]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

W dniu 18 czerwca 2011 14:03 uÅytkownik Pekka Paalanen <pq@xxxxxx> napisaÅ:
> Maybe the driver is doing a 16-bit wide access, and happens to
> store something else in the other 16/48 bits of RAX?

OK, attached is updated version of my patch. I think we can get some
clue from dmesgs with this patch applied.

My system (working):
[ 74.472502] mmiotrace: ZAJEC: overwriting 0x27 with 0xFFFF
[ 74.472511] mmiotrace: [ZAJEC] opcode is 0x8B
[ 74.472515] mmiotrace: [ZAJEC] prf info: shorted:1; enlarged:0, rexr:0, rex:0
[ 74.472517] mmiotrace: [ZAJEC] register is 0x0
[ 74.472520] mmiotrace: [ZAJEC] overwritting 2-byte value 0x0514 with 0xFFFF
[ 74.472523] mmiotrace: [ZAJEC] overwritting resulted in 0xFFFF

[ 74.487081] mmiotrace: ZAJEC: overwriting 0x20 with 0xFFFF
[ 74.487086] mmiotrace: [ZAJEC] opcode is 0x8B
[ 74.487089] mmiotrace: [ZAJEC] prf info: shorted:1; enlarged:0, rexr:0, rex:0
[ 74.487092] mmiotrace: [ZAJEC] register is 0x0
[ 74.487095] mmiotrace: [ZAJEC] overwritting 2-byte value 0x427E with 0xFFFF
[ 74.487097] mmiotrace: [ZAJEC] overwritting resulted in 0xFFFF

MacBook (with real overwritting commenet out!):
[ 228.248715] mmiotrace: ZAJEC: overwriting 0x810 with 0xFFFF
[ 228.254227] mmiotrace: [ZAJEC] opcode is 0xB70F
[ 228.259784] mmiotrace: [ZAJEC] prf info: shorted:0; enlarged:0, rexr:0, rex:0
[ 228.265399] mmiotrace: [ZAJEC] register is 0x0
[ 228.270955] mmiotrace: [ZAJEC] overwritting 4-byte value 0x00000000
with 0xFFFF
[ 228.276597] mmiotrace: [ZAJEC] overwritting resulted in 0x00000000

[ 228.284284] mmiotrace: ZAJEC: overwriting 0x810 with 0xFFFF
[ 228.289818] mmiotrace: [ZAJEC] opcode is 0xB70F
[ 228.295250] mmiotrace: [ZAJEC] prf info: shorted:0; enlarged:0, rexr:0, rex:0
[ 228.300838] mmiotrace: [ZAJEC] register is 0x0
[ 228.306339] mmiotrace: [ZAJEC] overwritting 4-byte value 0x00000000
with 0xFFFF
[ 228.311905] mmiotrace: [ZAJEC] overwritting resulted in 0x00000000

It's 2-byte vs. 4-byte. I suspect this can be the source of our
problem. Writing u16 0xFFFF value as u32 write.

--
RafaÅ

Attachment: mmio.debugging.patch
Description: Binary data

Next message: Randy Dunlap: "Re: [PATCH] TMPFS: Expand "help" to explain value ofTMPFS_POSIX_ACL"
Previous message: Arnd Bergmann: "Re: [Bug 37682] New: Kernel mis-detects size/position of partition created with Seagate DiscWizard (OnTrack Disk Manager)"
In reply to: RafaÅ MiÅecki: "Re: Lock up when faking MMIO read[bwl] on some machines [WAS: FakingMMIO ops? Fooling a driver]"
Next in thread: RafaÅ MiÅecki: "Re: Lock up when faking MMIO read[bwl] on some machines [WAS: FakingMMIO ops? Fooling a driver]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]