<div>Hi all,</div>
<div> I am trying to debug why the grub crashed (under usbrom) after loading certain blocks into the memory. </div>
<div>My new found is that while usbrom is trying to load (block lba=0x0019a9e0). it crashed. the flow is</div>
<div>usb_new_read(0,0x0019a9e0,0x20,0xfffa2000), 0x20 is the count which should be read, and the 0xfffa2000 is the</div>
<div>virtual address of (0x70000).</div>
<div>usb_new_read call readwrite_blocks then execute_command. after executed wrap_cbw in execute_command.</div>
<div>it should call dev->controller->bulk, this address is a wrong address. my debug information are below:</div>
<div> </div>
<div><br>BIOS Debugger</div>
<div>Node : 0, Core : 0</div>
<div>rAX= 8020425D rBX= 00000000 rCX= 00108F15 <font color="#ff0000">rDX= 50588214</font> <br>rSI= 00108FE8 rDI= FFF97D20 rBP= 00108F38 rSP= 00108EF0 <br><font color="#ff0000">rIP= 00006F22</font> </div>
<div>CS Sel= 0008 DS Sel= 0010 ES Sel= 0010 FS Sel= 0000 GS Sel= 0000 SS Sel= 0010 </div>
<div>CF PF AF ZF SF TF IF DF OF IOPL NT RF VM AC VIF VIP ID <br>0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 </div>
<div>0008:00006EC3 C7 45 FC 01 00 00 00 mov [ebp-04h],00000001h <br>0008:00006ECA 8B 45 14 mov eax,[ebp+14h] <br>0008:00006ECD 89 44 24 10 mov [esp+10h],eax <br>0008:00006ED1 8B 45 10 mov eax,[ebp+10h] <br>
0008:00006ED4 89 44 24 0C mov [esp+0ch],eax <br>0008:00006ED8 8B 45 0C mov eax,[ebp+0ch] <br>0008:00006EDB 89 44 24 08 mov [esp+08h],eax <br>0008:00006EDF 8B 45 1C mov eax,[ebp+1ch] <br>
0008:00006EE2 89 44 24 04 mov [esp+04h],eax <br>0008:00006EE6 8D 45 DD lea eax,[ebp-23h] <br>0008:00006EE9 89 04 24 mov [esp],eax <br><font color="#ff0000">0008:00006EEC E8 CF FE FF FF call loc_00006dc0h</font> /*this is wrap_cbw*/<br>
0008:00006EF1 8B 45 08 mov eax,[ebp+08h] <br>0008:00006EF4 8B 00 mov eax,[eax] <br>0008:00006EF6 8B 90 20 02 00 00 mov edx,[eax+00000220h] <br>0008:00006EFC 8D 4D DD lea ecx,[ebp-23h] <br>
0008:00006EFF 8B 45 08 mov eax,[ebp+08h] <br>0008:00006F02 8B 80 18 03 00 00 mov eax,[eax+00000318h] <br>0008:00006F08 8B 40 0C mov eax,[eax+0ch] <br>0008:00006F0B C7 44 24 0C 00 00 00 00 mov [esp+0ch],00000000h <br>
0008:00006F13 89 4C 24 08 mov [esp+08h],ecx <br>0008:00006F17 C7 44 24 04 1F 00 00 00 mov [esp+04h],0000001fh <br>0008:00006F1F 89 04 24 mov [esp],eax <br><font color="#ff0000">0008:00006F22 FF D2 call edx</font> /*here it will jump into <font color="#ff0000">50588214*/</font><br>
0008:00006F24 85 C0 test eax,eax <br>0008:00006F26 74 20 jz loc_00006f48h <br>0008:00006F28 8B 45 08 mov eax,[ebp+08h] <br>0008:00006F2B 8B 80 18 03 00 00 mov eax,[eax+00000318h] <br>
0008:00006F31 8B 40 0C mov eax,[eax+0ch] <br>0008:00006F34 89 04 24 mov [esp],eax <br>0008:00006F37 E8 8C CF FF FF call loc_00003ec8h <br>0008:00006F3C C7 45 CC 01 00 00 00 mov [ebp-34h],00000001h <br>
0008:00006F43 E9 1C 01 00 00 jmp loc_00007064h <br>0008:00006F48 C7 04 24 0A 00 00 00 mov [esp],0000000ah <br>0008:00006F4F E8 5F 9C FF FF call loc_00000bb3h <br>0008:00006F54 81 7D 0C 80 00 00 00 cmp [ebp+0ch],00000080h <br>
0008:00006F5B 75 56 jnz loc_00006fb3h <br>0008:00006F5D 8B 45 08 mov eax,[ebp+08h] <br>0008:00006F60 8B 00 mov eax,[eax] <br>0008:00006F62 8B 88 20 02 00 00 mov ecx,[eax+00000220h] <br>
0008:00006F68 8B 45 08 mov eax,[ebp+08h] <br>0008:00006F6B 8B 80 18 03 00 00 mov eax,[eax+00000318h] <br>0008:00006F71 8B 50 08 mov edx,[eax+08h] <br>0008:00006F74 C7 44 24 0C 00 00 00 00 mov [esp+0ch],00000000h <br>
0008:00006F7C 8B 45 18 mov eax,[ebp+18h] <br>0008:00006F7F 89 44 24 08 mov [esp+08h],eax <br>0008:00006F83 8B 45 1C mov eax,[ebp+1ch] <br>0008:00006F86 89 44 24 04 mov [esp+04h],eax <br>
0008:00006F8A 89 14 24 mov [esp],edx <br>0008:00006F8D FF D1 call ecx </div>
<div> </div>
<div>Kevin allow remind me that usbrom have an 1M heap which will overwrite SeaBIOS in the 0xf0000. That may also a problem.</div>
<div>any suggestion is welcome.<br></div>
<div> <br>-- <br>Jason Wang <br>Peking University<br></div>