[Boot Loader] goes into Death Land with 4 CPUs in VMware

[diver]

This is hrev48304 in VMware Fusion 7.0.1 on OS X 10.8.5.

Possible number of CPUs in VM settings: 1,2,3,4,6,8

Haiku boots with any number except 4.

options = 0
APM version 1.2 available, flags 3.
Page-Fault Exception: read fault at address: 0x81106000
Welcome to Boot Loader Death Land!

 eax 0x51          ebx 0x81105faf     ecx 0xffffff87  edx 0x5c      
 esi 0xf6ac0       edi 0x24           ebp 0xff50      esp 0xff3c    
 eip 0x13f68    eflags 0x210097  

       frame    return address
  0x0000ff50        0x00013f68
  0x0000ff80        0x00014073
  0x0000ffb0        0x00014167
  0x0000fff0        0x000105c1
  0x0000fff8        0x00010257

Press a key to reboot.

[diver]

sysctl -a | grep machdep.cpu

[bonefish]

Assuming you built the image yourself, can you please attach the file "objects/haiku/<primaryArch>/release/system/boot/boot_loader_bios_ia32" (replace <primaryArch> respectively) from your generated directory, so we can decode the stack trace.

[diver]

Actually, this Haiku revision was installed with pkgman update.

[bonefish]

Which primary architecture?

[diver]

This is x86_gcc2

[bonefish]

Stack trace is:

acpi_validate_rsdt(acpi_descriptor_header *)
acpi_check_rsdt(acpi_rsdp_extended *)
acpi_init()
_start()
multiboot_start()

Disassembly with crashing instruction:

00013f50 <acpi_validate_rsdt(acpi_descriptor_header *)>:
   13f50:       55                      push   %ebp
   13f51:       89 e5                   mov    %esp,%ebp
   13f53:       53                      push   %ebx
   13f54:       8b 55 08                mov    0x8(%ebp),%edx
   13f57:       89 d3                   mov    %edx,%ebx
   13f59:       b1 00                   mov    $0x0,%cl
   13f5b:       31 c0                   xor    %eax,%eax
   13f5d:       3b 42 04                cmp    0x4(%edx),%eax
   13f60:       73 0e                   jae    13f70 <acpi_validate_rsdt(acpi_descriptor_header *)+0x20>
   13f62:       8b 52 04                mov    0x4(%edx),%edx
   13f65:       8d 76 00                lea    0x0(%esi),%esi
>> 13f68:       02 0c 18                add    (%eax,%ebx,1),%cl
   13f6b:       40                      inc    %eax
   13f6c:       39 d0                   cmp    %edx,%eax
   13f6e:       72 f8                   jb     13f68 <acpi_validate_rsdt(acpi_descriptor_header *)+0x18>
   13f70:       31 c0                   xor    %eax,%eax
   13f72:       84 c9                   test   %cl,%cl
   13f74:       74 05                   je     13f7b <acpi_validate_rsdt(acpi_descriptor_header *)+0x2b>
   13f76:       b8 10 00 00 80          mov    $0x80000010,%eax
   13f7b:       5b                      pop    %ebx
   13f7c:       89 ec                   mov    %ebp,%esp
   13f7e:       5d                      pop    %ebp
   13f7f:       c3                      ret    

The crashing instruction corresponds to the source line checksum += data[i]; (cf. ​src/system/boot/platform/bios_ia32/acpi.cpp). i is 0x51 (eax) which moves the read access to the next page (0x81106000), which is apparently not mapped. CC'ing to the people who touched the code in the past.

[waddlesplash]

This looks *extremely* similar to #10351. I wonder if they're the same?

[korli]

The ACPI code seems correct (the same code works fine in the kernel). Could it be that the mapping of second page fail or isn't taken into account? We actually map the first page, unmap it, map it again and map the next one.

I compared with FreeBSD, and one difference is they clobber the memory on the invlpg instruction.

[anevilyak]

(In #12036) Closing as duplicate of #11470.

[diver]

On another PC I have updated VMware Workstation from version 14 to 15 and now get Boot Loader Death Land with 2 CPUs. It boots with 1 and 4 CPUs here.