From: Denis V. <vd...@il...> - 2005-08-12 10:42:24

[please keep acx-devel CCed (unless you are going to send largish attachments)]

> For whatever reason, disabling voluntary preemption got rid of the STRAY UP
> message. And I'm currently looking into the OOPS - here's where I am now:
>
> I found acx_l_ether_to_txdesc in conv.c, and made conv.disasm and conv.s.
>
> I figured out that the oops part must have been:
>
>  197:   74 0e                   je     1a7 <acx_l_ether_to_txdesc+0x13e>
>  199:   48 c7 c7 00 00 00 00    mov    $0x0,%rdi
>  1a0:   31 c0                   xor    %eax,%eax
>  1a2:   e8 00 00 00 00          callq  1a7 <acx_l_ether_to_txdesc+0x13e>
>  1a7:   48 8b 75 18             mov    0x18(%rbp),%rsi      <-- OOPS

In panic.png RBP = 0x00ff810039bd2000 - unlikely to be a valid
address of anything. Your analysis is right here.

>  1ab:   0f b7 cb                movzwl %bx,%ecx
>  1ae:   41 b8 20 00 00 00       mov    $0x20,%r8d
>  1b4:   89 ca                   mov    %ecx,%edx
>  1b6:   c1 ea 08                shr    $0x8,%edx
>  1b9:   48 8d 46 18             lea    0x18(%rsi),%rax
>  1bd:   48 8d 7e 1b             lea    0x1b(%rsi),%rdi
>  1c1:   c6 46 18 aa             movb   $0xaa,0x18(%rsi)
>  1c5:   c6 40 01 aa             movb   $0xaa,0x1(%rax)
>  1c9:   c6 40 02 03             movb   $0x3,0x2(%rax)
>  1cd:   89 c8                   mov    %ecx,%eax
>
> Using the "Code:" line (Just as a reminder, it was "48 8b 75 10 0f b7 cb 41 b8
> 20 00 00 00 89 ca ci ea 08 48 8d" - It should all be in that picture I sent you).
>
> By some guesswork, I located the (seemingly) appropriate part in the conv.s
> file, and marked it as described in the HOWTO.
>
> I get:
> #APP
>         #o
> #NO_APP
>         movb    $-86, 24(%rsi)  \
>         movb    $-86, 1(%rax)    |   <--- OOPS?
>         movb    $3, 2(%rax)     /
> #APP
>         #p
> #NO_APP
>         movzwl  %bx, %ecx
>         movl    %ecx, %eax
>         movl    %ecx, %edx
>         sall    $8, %eax
>         shrl    $8, %edx
>         orl     %edx, %eax
>         movw    %ax, 3(%rdi)

Looks too different from .disasm. Let's make sure that

# make drivers/net/wireless/acx/conv.o; objdump -dr drivers/net/wireless/acx/conv.o > conv.disasm

and

# make drivers/net/wireless/acx/conv.s

with the same, unedited conv.c produce the same instruction sequence
with "mov 0x18(%rbp),%rsi" insn. (It may look like "movl 24(%rbp), %rsi"
in .s file, but it's the same).

Only when you are getting identical conv.disasm and conv.s,
you can proceed to asm("#") trick step.

Please send me conv.s and conv.disasm.
--
vda
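
An added example, not part of the original message: a Python sketch that finds where an oops "Code:" byte string lines up with `objdump -d` output and lists every byte that differs, treating unreadable tokens as wildcards. The sample listing and "Code:" string are retyped from the message above; the function names are this example's own.

```python
import re

# Constructed sample: objdump -d lines retyped from the quoted listing (tab-separated,
# as objdump prints them) and the "Code:" bytes exactly as typed in the message.
DISASM = """\
 1a2:\te8 00 00 00 00       \tcallq  1a7 <acx_l_ether_to_txdesc+0x13e>
 1a7:\t48 8b 75 18          \tmov    0x18(%rbp),%rsi
 1ab:\t0f b7 cb             \tmovzwl %bx,%ecx
 1ae:\t41 b8 20 00 00 00    \tmov    $0x20,%r8d
 1b4:\t89 ca                \tmov    %ecx,%edx
 1b6:\tc1 ea 08             \tshr    $0x8,%edx
 1b9:\t48 8d 46 18          \tlea    0x18(%rsi),%rax
"""
OOPS_CODE = "48 8b 75 10 0f b7 cb 41 b8 20 00 00 00 89 ca ci ea 08 48 8d"

def load_bytes(disasm):
    """Map address -> byte value for every byte in an objdump -d listing."""
    image = {}
    for line in disasm.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].strip().endswith(":"):
            continue  # skip headers, labels, relocation and blank lines
        addr = int(parts[0].strip()[:-1], 16)
        for i, tok in enumerate(parts[1].split()):
            image[addr + i] = int(tok, 16)
    return image

def parse_code(code):
    """Hex pairs become ints; unreadable tokens become None (wildcards)."""
    toks = code.replace("<", " ").replace(">", " ").split()  # <xx> marks the faulting byte
    return [int(t, 16) if re.fullmatch(r"[0-9a-fA-F]{2}", t) else None for t in toks]

def locate(image, pattern, max_diff=2):
    """Best alignment as (start, [(addr, in_object, in_oops)]), or None."""
    best = None
    for start in sorted(image):
        diffs = []
        for i, want in enumerate(pattern):
            have = image.get(start + i)
            if have is None:
                break  # pattern runs past the end of the listing
            if want is not None and want != have:
                diffs.append((start + i, have, want))
        else:
            if len(diffs) <= max_diff and (best is None or len(diffs) < len(best[1])):
                best = (start, diffs)
    return best

if __name__ == "__main__":
    print(locate(load_bytes(DISASM), parse_code(OOPS_CODE)))
```

Bytes covered by relocations are zero in an unlinked `.o` (the `e8 00 00 00 00` call here), so a "Code:" window that spans them will report those positions as differences against the running kernel's bytes.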