On 03/06/13 09:21, Dietmar Maurer wrote:
> Using qemu 1.4.0:
>
> # qemu -hda test.raw -m 512 -cdrom pfSense-LiveCD-2.0.2-RELEASE-amd64-20121207-2239.iso
>
> Results in:
>
> trap 12: page fault while in kernel mode
> …
> stopped at x86bios_emu_rdw+0x2f: movzwl (%rbx),%eax
>
> Any ideas? Can somebody reproduce that?
I found this on the web:

    static uint16_t
    x86bios_emu_rdw(struct x86emu *emu, uint32_t addr)
    {
            uint16_t *va;

            va = x86bios_get_pages(addr, sizeof(*va));
            if (va == NULL)
                    x86bios_set_fault(emu, addr);

    #ifndef __NO_STRICT_ALIGNMENT
            if ((addr & 1) != 0)
                    return (le16dec(va));
            else
    #endif
            return (le16toh(*va));
    }

"movzwl (%rbx),%eax" reads the 16-bit word at %rbx, copies it into the low 16 bits of %eax, and clears the rest of the bits in %eax. This probably corresponds to the *va dereference at the end of the function. (le16toh() is compiled out if the platform is little endian.)

Either x86bios_get_pages() returns garbage, or "addr" is garbage on input. You'll have to trace back the call path from x86bios_emu_rdw(), possibly instrumenting it with printk()s (or whatever it's called in FreeBSD).

Laszlo
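A user-space model of the read path discussed in this thread, added here as an example; it is not FreeBSD or QEMU code and not part of the original messages. A constructed 4 KiB buffer stands in for the BIOS page that x86bios_get_pages() would map, fake_get_pages() returns NULL for anything outside it, my_le16dec() is a local reimplementation of le16dec()'s byte-wise decode, and the aligned path assumes a little-endian host like the x86-64 machine in the trace. The guarded emu_rdw() shows the check a reader would want before the *va dereference: a NULL page lookup is reported to the caller instead of being dereferenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the mapped BIOS region. Addresses in
 * [FAKE_PAGE_BASE, FAKE_PAGE_BASE + FAKE_PAGE_SIZE) are "mapped";
 * everything else is unmapped, like the case suspected in the trace. */
#define FAKE_PAGE_BASE 0xC0000u
#define FAKE_PAGE_SIZE 4096u

static uint8_t fake_page[FAKE_PAGE_SIZE];
static int fault_count; /* how often a read hit an unmapped address */

/* Fill the fake page with constructed sample bytes (little-endian words
 * 0x1234 at offset 0 and 0x5678 at offset 2). */
static void setup_fake_page(void)
{
    fake_page[0] = 0x34; fake_page[1] = 0x12;
    fake_page[2] = 0x78; fake_page[3] = 0x56;
}

/* Model of x86bios_get_pages(): NULL unless [addr, addr + len) is backed. */
static void *fake_get_pages(uint32_t addr, size_t len)
{
    if (addr < FAKE_PAGE_BASE)
        return NULL;
    if ((size_t)(addr - FAKE_PAGE_BASE) + len > FAKE_PAGE_SIZE)
        return NULL;
    return &fake_page[addr - FAKE_PAGE_BASE];
}

/* Local reimplementation of le16dec(): two byte loads, so it is safe at
 * any alignment and independent of host endianness. */
static uint16_t my_le16dec(const void *p)
{
    const uint8_t *b = p;
    return (uint16_t)(b[0] | ((uint16_t)b[1] << 8));
}

/* Guarded version of the quoted read. *faulted is set when the page
 * lookup fails; the pointer is then never dereferenced, which is exactly
 * the dereference the "movzwl (%rbx),%eax" trap points at. */
static uint16_t emu_rdw(uint32_t addr, int *faulted)
{
    uint16_t *va = fake_get_pages(addr, sizeof(*va));

    if (va == NULL) {
        fault_count++;
        *faulted = 1;
        return 0xFFFF; /* open-bus style value chosen for this model */
    }
    *faulted = 0;

    if ((addr & 1) != 0)
        return my_le16dec(va); /* unaligned: byte-wise decode */

    /* Aligned: a direct 16-bit load, which on x86-64 compiles to a
     * zero-extending movzwl. Assumes a little-endian host. */
    return *va;
}

int main(void)
{
    int faulted;
    uint16_t w;

    setup_fake_page();

    w = emu_rdw(0xC0000u, &faulted);
    printf("aligned   0xC0000 -> 0x%04x faulted=%d\n", w, faulted);
    w = emu_rdw(0xC0001u, &faulted);
    printf("unaligned 0xC0001 -> 0x%04x faulted=%d\n", w, faulted);
    w = emu_rdw(0xF0000u, &faulted);
    printf("unmapped  0xF0000 -> 0x%04x faulted=%d (faults so far: %d)\n",
           w, faulted, fault_count);
    return 0;
}
```

The unaligned read at 0xC0001 straddles the two stored words and yields 0x7812, which is the byte order le16dec() guarantees; the unmapped read at 0xF0000 sets the fault flag instead of trapping.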