[coreboot] usbrom debugging

Jason Wang wangqingpei at gmail.com
Sat Aug 22 22:03:40 CEST 2009


Hi all,
    I am trying to debug why grub crashed (under usbrom) after loading
certain blocks into memory.
My new finding is that usbrom crashes while trying to load block lba=0x0019a9e0.
The flow is
usb_new_read(0,0x0019a9e0,0x20,0xfffa2000); 0x20 is the count which should
be read, and 0xfffa2000 is the
virtual address of (0x70000).
usb_new_read calls readwrite_blocks, then execute_command. After executing
wrap_cbw in execute_command,
it should call dev->controller->bulk; this address is a wrong address. My
debug information is below:


BIOS Debugger
Node : 0, Core : 0
rAX= 8020425D rBX= 00000000 rCX= 00108F15 rDX= 50588214
rSI= 00108FE8 rDI= FFF97D20 rBP= 00108F38 rSP= 00108EF0
rIP= 00006F22
CS Sel= 0008 DS Sel= 0010 ES Sel= 0010 FS Sel= 0000 GS Sel= 0000 SS Sel= 0010
CF PF AF ZF SF TF IF DF OF IOPL NT RF VM AC VIF VIP ID
0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0008:00006EC3   C7 45 FC 01 00 00 00    mov   [ebp-04h],00000001h
0008:00006ECA   8B 45 14      mov   eax,[ebp+14h]
0008:00006ECD   89 44 24 10      mov   [esp+10h],eax
0008:00006ED1   8B 45 10      mov   eax,[ebp+10h]
0008:00006ED4   89 44 24 0C      mov   [esp+0ch],eax
0008:00006ED8   8B 45 0C      mov   eax,[ebp+0ch]
0008:00006EDB   89 44 24 08      mov   [esp+08h],eax
0008:00006EDF   8B 45 1C      mov   eax,[ebp+1ch]
0008:00006EE2   89 44 24 04      mov   [esp+04h],eax
0008:00006EE6   8D 45 DD      lea   eax,[ebp-23h]
0008:00006EE9   89 04 24      mov   [esp],eax
0008:00006EEC   E8 CF FE FF FF    call   loc_00006dc0h   /*this is wrap_cbw*/
0008:00006EF1   8B 45 08      mov   eax,[ebp+08h]
0008:00006EF4   8B 00      mov   eax,[eax]
0008:00006EF6   8B 90 20 02 00 00     mov   edx,[eax+00000220h]
0008:00006EFC   8D 4D DD      lea   ecx,[ebp-23h]
0008:00006EFF   8B 45 08      mov   eax,[ebp+08h]
0008:00006F02   8B 80 18 03 00 00     mov   eax,[eax+00000318h]
0008:00006F08   8B 40 0C      mov   eax,[eax+0ch]
0008:00006F0B   C7 44 24 0C 00 00 00 00    mov   [esp+0ch],00000000h
0008:00006F13   89 4C 24 08      mov   [esp+08h],ecx
0008:00006F17   C7 44 24 04 1F 00 00 00    mov   [esp+04h],0000001fh
0008:00006F1F   89 04 24      mov   [esp],eax
0008:00006F22   FF D2      call   edx   /*here it will jump into 50588214*/
0008:00006F24   85 C0      test   eax,eax
0008:00006F26   74 20      jz   loc_00006f48h
0008:00006F28   8B 45 08      mov   eax,[ebp+08h]
0008:00006F2B   8B 80 18 03 00 00     mov   eax,[eax+00000318h]
0008:00006F31   8B 40 0C      mov   eax,[eax+0ch]
0008:00006F34   89 04 24      mov   [esp],eax
0008:00006F37   E8 8C CF FF FF     call   loc_00003ec8h
0008:00006F3C   C7 45 CC 01 00 00 00    mov   [ebp-34h],00000001h
0008:00006F43   E9 1C 01 00 00     jmp   loc_00007064h
0008:00006F48   C7 04 24 0A 00 00 00    mov   [esp],0000000ah
0008:00006F4F   E8 5F 9C FF FF     call   loc_00000bb3h
0008:00006F54   81 7D 0C 80 00 00 00    cmp   [ebp+0ch],00000080h
0008:00006F5B   75 56      jnz   loc_00006fb3h
0008:00006F5D   8B 45 08      mov   eax,[ebp+08h]
0008:00006F60   8B 00      mov   eax,[eax]
0008:00006F62   8B 88 20 02 00 00     mov   ecx,[eax+00000220h]
0008:00006F68   8B 45 08      mov   eax,[ebp+08h]
0008:00006F6B   8B 80 18 03 00 00     mov   eax,[eax+00000318h]
0008:00006F71   8B 50 08      mov   edx,[eax+08h]
0008:00006F74   C7 44 24 0C 00 00 00 00    mov   [esp+0ch],00000000h
0008:00006F7C   8B 45 18      mov   eax,[ebp+18h]
0008:00006F7F   89 44 24 08      mov   [esp+08h],eax
0008:00006F83   8B 45 1C      mov   eax,[ebp+1ch]
0008:00006F86   89 44 24 04    mov   [esp+04h],eax
0008:00006F8A   89 14 24    mov   [esp],edx
0008:00006F8D   FF D1    call   ecx


Kevin also reminded me that usbrom has a 1M heap which will overwrite
SeaBIOS at 0xf0000. That may also be a problem.
Any suggestion is welcome.

-- 
Jason Wang
Peking University
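The two suspects in the message above, a 1M heap that can overwrite the BIOS shadow at 0xf0000 and a `dev->controller->bulk` pointer that has turned into garbage (0x50588214 in the register dump), can both be caught with cheap range checks before they turn into a crash. The following is an added example, not code from Jason's message nor from usbrom, libpayload or SeaBIOS: the `controller_ops_t` struct, its `bulk` field, the 64 KiB size of the BIOS region, the heap bases and the text range used in the self-test are all constructed or assumed values, not ones taken from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Half-open physical address range [base, base + size). */
typedef struct {
    uintptr_t base;
    size_t size;
} region_t;

/* True if two half-open ranges share at least one byte.
 * Ends are computed in 64 bits so a range that reaches the top of
 * the address space does not wrap around to zero. */
bool regions_overlap(region_t a, region_t b)
{
    uint64_t a_end = (uint64_t)a.base + a.size;
    uint64_t b_end = (uint64_t)b.base + b.size;
    return a.base < b_end && b.base < a_end;
}

/* Assumed layout: the BIOS shadow occupies 0xF0000-0xFFFFF (64 KiB).
 * The message only says "SeaBIOS in the 0xf0000"; the size is an assumption. */
static const region_t bios_region = { 0xF0000u, 0x10000u };

/* Returns true if a heap of heap_size bytes at heap_base would clobber
 * the BIOS shadow. A payload can run this once at init and refuse to
 * continue instead of silently corrupting SeaBIOS. */
bool heap_clobbers_bios(uintptr_t heap_base, size_t heap_size)
{
    region_t heap = { heap_base, heap_size };
    return regions_overlap(heap, bios_region);
}

/* Constructed stand-in for a controller operations table with a bulk
 * transfer entry point; the names are illustrative, not libpayload's. */
typedef int (*bulk_fn_t)(void *endpoint, int size, uint8_t *data);
typedef struct {
    bulk_fn_t bulk;
} controller_ops_t;

/* A function pointer loaded from a struct that may have been overwritten
 * is only trusted if it lands inside the code range the payload occupies. */
bool fnptr_in_range(uintptr_t fn, region_t text)
{
    return fn >= text.base && fn < (uint64_t)text.base + text.size;
}

/* Guarded indirect call: refuses to jump through a pointer outside `text`
 * and returns -1 so the caller can report the corruption and bail out
 * rather than executing whatever sits at the bogus address. */
int guarded_bulk(const controller_ops_t *ops, region_t text,
                 void *endpoint, int size, uint8_t *data)
{
    uintptr_t target = (uintptr_t)ops->bulk;
    if (!fnptr_in_range(target, text)) {
        fprintf(stderr, "bulk pointer 0x%08lx outside text [0x%08lx,0x%08lx):"
                " controller struct overwritten?\n",
                (unsigned long)target, (unsigned long)text.base,
                (unsigned long)(text.base + text.size));
        return -1;
    }
    return ops->bulk(endpoint, size, data);
}

/* Constructed bulk implementation: just reports the requested size. */
int fake_bulk(void *endpoint, int size, uint8_t *data)
{
    (void)endpoint;
    (void)data;
    return size;
}

/* Self-test: with use_garbage_pointer == 0 the table holds fake_bulk and the
 * text range is built around that function; with 1 the table holds the value
 * seen in the register dump (0x50588214), which the guard must reject. */
int self_test_bulk(int use_garbage_pointer)
{
    region_t text = { (uintptr_t)fake_bulk, 64 };   /* constructed window */
    controller_ops_t ops;
    uint8_t buf[32];
    if (use_garbage_pointer)
        ops.bulk = (bulk_fn_t)(uintptr_t)0x50588214u;
    else
        ops.bulk = fake_bulk;
    return guarded_bulk(&ops, text, NULL, 0x20, buf);
}

int main(void)
{
    /* Both heap bases are constructed; 0x100000 is the 1M heap size quoted. */
    printf("1M heap at 0x10000 clobbers BIOS: %d\n",
           heap_clobbers_bios(0x10000u, 0x100000u));
    printf("1M heap at 0x100000 clobbers BIOS: %d\n",
           heap_clobbers_bios(0x100000u, 0x100000u));
    printf("guarded call, valid pointer:   %d\n", self_test_bulk(0));
    printf("guarded call, garbage pointer: %d\n", self_test_bulk(1));
    return 0;
}
```

The heap check is the one to run first: if the heap region overlaps the BIOS shadow, the corrupted `bulk` pointer is a symptom, not the root cause, and the guard in `guarded_bulk` merely turns a jump to 0x50588214 into a readable error message.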