bsdi patch for p5 hang

Roger Espel Llima (espel@llaic.u-clermont1.fr)
Wed, 12 Nov 1997 09:24:33 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alcock: "Re: In Search Of The Perfect Motherboard..."
Previous message: Benjamin C.R. LaHaise: "ext2_free_inode: bit_cleared [PATCH]"

It was announced on Bugtraq that BSDi has an experimental patch against
the P5 bug. I dl'd it and tried to look at it... it looks like most
of the work is done by p5_hang_fix.

Maybe someone who knows i32 assembly and protected mode stuff and/or BSD
internals well can make real sense of this...

$ objdump -d -r machdep.o | less
[ all the RELOC things apply to the line just before them, and generally
fix the 0x0's ]

[ ... ]
00000dcc <_p5_hang_fix> pushl %ebp
00000dcd <_p5_hang_fix+1> movl %esp,%ebp
00000dcf <_p5_hang_fix+3> pushl %ebx
00000dd0 <_p5_hang_fix+4> cmpl $0xffffffff,0x1cd0
RELOC: 00000dd2 32 .data+0xffffe338
00000dd7 <_p5_hang_fix+b> jne 00000dee <_p5_hang_fix+22>
00000dd9 <_p5_hang_fix+d> cmpl $0x5,0x0
RELOC: 00000ddb 32 _cpu

[ looks like checking that the cpu is a p5 by looking at a variable ]

00000de0 <_p5_hang_fix+14> sete %al
00000de3 <_p5_hang_fix+17> movl %eax,%ebx
00000de5 <_p5_hang_fix+19> andl $0x1,%ebx
00000de8 <_p5_hang_fix+1c> movl %ebx,0x1cd0
RELOC: 00000dea 32 .data+0xffffe338
00000dee <_p5_hang_fix+22> cmpl $0x0,0x1cd0
RELOC: 00000df0 32 .data+0xffffe338
00000df5 <_p5_hang_fix+29> je 00000e72 <_p5_hang_fix+a6>

[ if not appropriate --> skip the p5 fix ]

00000df7 <_p5_hang_fix+2b> movl 0x0,%eax
RELOC: 00000df8 32 _virtual_avail
00000dfc <_p5_hang_fix+30> movl %eax,0x0
RELOC: 00000dfd 32 _fidt_page
00000e01 <_p5_hang_fix+35> addl $0x1000,%eax
00000e06 <_p5_hang_fix+3a> movl %eax,0x0
RELOC: 00000e07 32 _virtual_avail

[ add a 4k page to virtual_avail (??) ]

00000e0b <_p5_hang_fix+3f> pushl $0x1000
00000e10 <_p5_hang_fix+44> call 00000000
RELOC: 00000e11 DISP32 _pmap_bootstrap_alloc

00000e15 <_p5_hang_fix+49> movl %eax,%ecx
00000e17 <_p5_hang_fix+4b> movl 0x0,%edx
RELOC: 00000e19 32 _fidt_page
00000e1d <_p5_hang_fix+51> leal 0x1000(%edx),%eax
00000e23 <_p5_hang_fix+57> addl $0x4,%esp
00000e26 <_p5_hang_fix+5a> cmpl %eax,%ecx
00000e28 <_p5_hang_fix+5c> je 00000e34 <_p5_hang_fix+68>
00000e2a <_p5_hang_fix+5e> pushl $0xdb7
RELOC: 00000e2b 32 .text
00000e2f <_p5_hang_fix+63> call 00000000 <___gnu_compiled_c>
RELOC: 00000e30 DISP32 _panic

[ call pmap_boostrap_alloc with 0x1000, check the result, if it doesn't
match with fidt_page+0x1000, panic ]

00000e34 <_p5_hang_fix+68> addl $0xfc8,%edx
00000e3a <_p5_hang_fix+6e> movl %edx,0x1db0
RELOC: 00000e3c 32 .data+0xffffe338
00000e40 <_p5_hang_fix+74> pushl $0x148
00000e45 <_p5_hang_fix+79> pushl %ecx
00000e46 <_p5_hang_fix+7a> pushl $0x38
RELOC: 00000e47 32 _idt
00000e4b <_p5_hang_fix+7f> call 00000000 <___gnu_compiled_c>
RELOC: 00000e4c DISP32 _bcopy

[ call bcopy with 0x148, fidt_page+4k and 0x38+idt ]

00000e50 <_p5_hang_fix+84> pushl $0x17f
00000e55 <_p5_hang_fix+89> pushl 0x1db0
RELOC: 00000e57 32 .data+0xffffe338
00000e5b <_p5_hang_fix+8f> call 00000000 <___gnu_compiled_c>
RELOC: 00000e5c DISP32 _lidt

[ then call lidt (???) ]

00000e60 <_p5_hang_fix+94> pushl $0x8
00000e62 <_p5_hang_fix+96> pushl $0x0
00000e64 <_p5_hang_fix+98> pushl $0xf
00000e66 <_p5_hang_fix+9a> pushl $0x0
RELOC: 00000e67 32 _Xpbug_page [this is a data symbol]
00000e6b <_p5_hang_fix+9f> pushl $0xe
00000e6d <_p5_hang_fix+a1> call 00000d58 <_setidt>

[ and then setidt (???) ]

00000e72 <_p5_hang_fix+a6> movl 0xfffffffc(%ebp),%ebx
00000e75 <_p5_hang_fix+a9> leave
00000e76 <_p5_hang_fix+aa> ret

-- 
Roger Espel Llima
espel@llaic.univ-bpclermont.fr, espel@unix.bigots.org
http://www.eleves.ens.fr:8080/home/espel/index.html

Next message: Alcock: "Re: In Search Of The Perfect Motherboard..."
Previous message: Benjamin C.R. LaHaise: "ext2_free_inode: bit_cleared [PATCH]"