#9685 closed bug (fixed)
OpenGL apps crashes
Reported by: | Giova84 | Owned by: | kallisti5 |
---|---|---|---|
Priority: | high | Milestone: | R1/beta1 |
Component: | Kits/OpenGL Kit | Version: | R1/Development |
Keywords: | opengl applications crash error | Cc: | |
Blocked By: | Blocking: | ||
Platform: | x86 |
Description
hrev45525 If i launch GLTeapot or any other app which use OpenGL (eg the game BillardGL or Quake II) i always got an error. Files attached: crash report of BillardGL, GLTeapot and the part of syslog related to error.
Attachments (4)
Change History (44)
by , 12 years ago
Attachment: | syslog.txt added |
---|
by , 12 years ago
Attachment: | BillardGL-1652-debug-18-04-2013-23-55-14.report added |
---|
by , 12 years ago
Attachment: | GLTeapot-1475-debug-18-04-2013-23-53-14.report added |
---|
comment:1 by , 12 years ago
comment:3 by , 12 years ago
KERN: vm_page_fault: thread "BillardGL" (1625) in team "BillardGL" (1625) tried to execute address 0x3d2d5e8, ip 0x3d2d5e8 ("heap" +0x415e8)
Mesa attempts to execute a code that is placed on the heap without explicitly setting area protection to executable. The best solution would be probably to fix Mesa so that it creates a new area for this (apparently generated) code with both write and execute flags.
Making the whole heap executable would undoubtedly also fix this problem but that's certainly not a nice solution.
follow-up: 5 comment:4 by , 12 years ago
Question is does we have an userland API to create an executable area!? Which, ironically, will make all this ASLR & co security effort quite pointless...
comment:5 by , 12 years ago
Replying to phoudoin:
Question is does we have an userland API to create an executable area!?
The B_EXECUTE_AREA
flag for create_area()
and friends is currently private (though we should change that eventually). However, the <sys/mman.h> API already allows creation of/changing protection to executable memory ranges.
Which, ironically, will make all this ASLR & co security effort quite pointless...
Well, that's a bit exaggerated. It is certainly thinkable that the API is used in an attack vector, but using it is made significantly more difficult due to DEP and ASLR.
comment:6 by , 12 years ago
Agreed, I was a bit exaggerating.
Anyway, AFAICT, something should be done in Mesa's src/mesa/main/execmem.c to add Haiku's support now that we do have DEP... Currently it fallback to use malloc'ed() memory, hence the permission denied when code is running from there...
comment:7 by , 12 years ago
Thanks for finding that phoudoin. I've been out of town so I haven't had a chance to look at this.
If you want to give fixing it a try, there is a bep in haikuports for the gcc2 mesa build package. The change needs to occur in the patch in haikuports for mesa 7.8.2.
http://ports.haiku-files.org/browser/haikuports/sys-libs/mesa
Otherwise I can give fixing it a shot this weekend.
comment:8 by , 12 years ago
If we need to change the upstream Mesa (Mesa-9.2-dev, gcc4) as well for this, I can commit the change to Mesa mainline once we have a solution.
comment:10 by , 12 years ago
This problem would only occur if NX is available/enabled, which might not be the case for whatever CPU vbox emulates in your case.
comment:11 by , 12 years ago
Priority: | normal → high |
---|
Looking into this now. Bumping the priority up as it breaks the OpenGL Kit which should be considered a core OS feature.
comment:12 by , 12 years ago
attached is my first go at execmem.c. I haven't tested it (or even tried compiling it yet) but wanted to get it somewhere public. I plan on testing this tonight.
follow-up: 14 comment:13 by , 12 years ago
Is there a particular reason not to use the Linux/*BSD/... code in the first place? I don't know about the other mesa interfaces it uses, but the only system dependency in there seems to be the mmap()
call, which should work just fine on Haiku.
comment:14 by , 12 years ago
Replying to bonefish:
Is there a particular reason not to use the Linux/*BSD/... code in the first place? I don't know about the other mesa interfaces it uses, but the only system dependency in there seems to be the
mmap()
call, which should work just fine on Haiku.
Amusingly, we had that same discussion in IRC earlier - and came to the same conclusin :)
comment:15 by , 12 years ago
mmap used to result in crashes when I first ported Mesa 7.8.2, it seems to work now 100%. I updated the Mesa 7.8.2 haikuports patch to use mmap. (https://bitbucket.org/haikuports/haikuports/commits/a66ef90360d59d72034fb86af336ed50da9bdc84)
I also pushed up an updated gcc2 package and updated the BuildFeatures (hrev45555)
This still needs done for gcc4 so I'm leaving the issue open.
comment:16 by , 12 years ago
Hi Kallisti, great work! But i have noticed a thing. I have just upgraded to hrev45555. But i have found that OpenGL apps are slower than before! If i start GLTeapot on hrev45555 i can see a max fps of 290-300, and if i run GLTeapot on Alpha 4.1 and on hrev45516 i can see a max FPS of 400-450. Obviously on the same computer.
follow-up: 19 comment:17 by , 12 years ago
if i start GLTeapot from a Terminal window, i can read:
Ϟ 14:03:32 Ϟ ~ /boot/home/config/settings/deskbar/Demos/GLTeapot Mesa: CPU vendor: GenuineIntel Mesa: CPU name: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz Mesa: Mesa 7.8.2 DEBUG build Apr 24 2013 20:39:02 Mesa warning: couldn't open libtxc_dxtn.so, software DXTn compression/decompression unavailable Mesa: MMX cpu detected. Mesa: SSE cpu detected. Mesa: Not testing OS support for SSE, leaving enabled. Ϟ 14:03:45 Ϟ ~
Instead if i start GLTeapot in a Terminal window under Alpha 4.1 there is no output. Maybe is related to debug? p.s: intel_extreme driver is used on an Intel G45 videocard.
comment:18 by , 12 years ago
Sorry for the noise :-) With hrev45555 i am no longer able to run Quake II. syslog:
KERN: instruction fetch attempted on execute-protected area 0x5162 at 0x0234b000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0x234b735, ip 0x234b735, write 0, user 1, thread 0x32c KERN: vm_page_fault: thread "Quake_Run" (812) in team "Quake2" (806) tried to execute address 0x234b735, ip 0x234b735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 812 entered the debugger: Segment violation KERN: stack trace, current PC 0x234b735 Sys_MakeCodeWriteable + 0x15: KERN: (0x45bc914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x32d KERN: debug_server: Killing team 806 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 806: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 806: Operation on invalid team KERN: debug_server: Killing team 806 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out KERN: bfs: bfs_stat_index:2118: No such file or directory Last message repeated 1 time KERN: Last message repeated 2 times. USER: application/x-glut-demo killed for a problem in DirectConnected(): Operation timed out KERN: slab memory manager: created area 0xf1001000 (21615) KERN: libnetwork.so running in R5 compatibility mode. KERN: instruction fetch attempted on execute-protected area 0x54ca at 0x0214f000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0x214f735, ip 0x214f735, write 0, user 1, thread 0x38b KERN: vm_page_fault: thread "Quake_Run" (907) in team "Quake2" (901) tried to execute address 0x214f735, ip 0x214f735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 907 entered the debugger: Segment violation KERN: stack trace, current PC 0x214f735 Sys_MakeCodeWriteable + 0x15: KERN: (0x41cb914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x38c KERN: debug_server: Killing team 901 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 901: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 901: Operation on invalid team KERN: debug_server: Killing team 901 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out KERN: libnetwork.so running in R5 compatibility mode. KERN: instruction fetch attempted on execute-protected area 0x58d4 at 0x00dd1000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0xdd1735, ip 0xdd1735, write 0, user 1, thread 0x3b5 KERN: vm_page_fault: thread "Quake_Run" (949) in team "Quake2" (943) tried to execute address 0xdd1735, ip 0xdd1735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 949 entered the debugger: Segment violation KERN: stack trace, current PC 0xdd1735 Sys_MakeCodeWriteable + 0x15: KERN: (0x53f1914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x3b6 KERN: debug_server: Killing team 943 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 943: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 943: Operation on invalid team KERN: debug_server: Killing team 943 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out
comment:19 by , 12 years ago
Mesa: Mesa 7.8.2 DEBUG build Apr 24 2013 20:39:02
Seems like Mesa 7.8.2 package was built with DEBUG turn on, which could explain the running performance difference.
comment:21 by , 12 years ago
odd.. I had DEBUG disabled in the new package build.
Maybe the older Mesa DEBUG check is a #if defined vs an #if. I'll look into it this evening.
comment:22 by , 12 years ago
I plead guilty: config/beos is broken regarding DEBUG env variable. It doesn't check its value and assume its existence means it's enabled.
comment:23 by , 12 years ago
The gcc4 Mesa 9.1.1 package was updated with this change as well in hrev45560 + https://bitbucket.org/haikuports/haikuports/commits/8a55428
I have a patch submitted to Mesa mainline and will commit it if no-one pushes back, it may not make it in until Mesa 9.2 or later however.
I'm still leaving this issue open to rebuild / fix the Mesa 7.8.2 DEBUG stuff and to ensure the patch gets accepted upstream.
comment:24 by , 12 years ago
Hi Kallisti,
Some info about this issue https://dev.haiku-os.org/ticket/9685#comment:18 ?
comment:26 by , 12 years ago
Milestone: | R1 → R1/beta1 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
https://bitbucket.org/haikuports/haikuports/commits/644976f should fix the debug issue.
hrev45581 updated the Mesa package
Should be resolved now, feel free to reopen this if you still see problems.
follow-up: 28 comment:27 by , 12 years ago
Hi Kallisti, well done! Now OpenGL apps work ok at full performance! But Quake II still crash as before:
KERN: instruction fetch attempted on execute-protected area 0x5162 at 0x0234b000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0x234b735, ip 0x234b735, write 0, user 1, thread 0x32c KERN: vm_page_fault: thread "Quake_Run" (812) in team "Quake2" (806) tried to execute address 0x234b735, ip 0x234b735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 812 entered the debugger: Segment violation KERN: stack trace, current PC 0x234b735 Sys_MakeCodeWriteable + 0x15: KERN: (0x45bc914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x32d KERN: debug_server: Killing team 806 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 806: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 806: Operation on invalid team KERN: debug_server: Killing team 806 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out KERN: bfs: bfs_stat_index:2118: No such file or directory Last message repeated 1 time KERN: Last message repeated 2 times. USER: application/x-glut-demo killed for a problem in DirectConnected(): Operation timed out KERN: slab memory manager: created area 0xf1001000 (21615) KERN: libnetwork.so running in R5 compatibility mode. KERN: instruction fetch attempted on execute-protected area 0x54ca at 0x0214f000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0x214f735, ip 0x214f735, write 0, user 1, thread 0x38b KERN: vm_page_fault: thread "Quake_Run" (907) in team "Quake2" (901) tried to execute address 0x214f735, ip 0x214f735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 907 entered the debugger: Segment violation KERN: stack trace, current PC 0x214f735 Sys_MakeCodeWriteable + 0x15: KERN: (0x41cb914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x38c KERN: debug_server: Killing team 901 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 901: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 901: Operation on invalid team KERN: debug_server: Killing team 901 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out KERN: libnetwork.so running in R5 compatibility mode. KERN: instruction fetch attempted on execute-protected area 0x58d4 at 0x00dd1000 KERN: vm_page_fault: vm_soft_fault returned error 'Permission denied' on fault at 0xdd1735, ip 0xdd1735, write 0, user 1, thread 0x3b5 KERN: vm_page_fault: thread "Quake_Run" (949) in team "Quake2" (943) tried to execute address 0xdd1735, ip 0xdd1735 ("ref_soft.so_seg0ro" +0x17735) KERN: debug_server: Thread 949 entered the debugger: Segment violation KERN: stack trace, current PC 0xdd1735 Sys_MakeCodeWriteable + 0x15: KERN: (0x53f1914) 0x74666f73 KERN: vm_soft_fault: va 0x5f666000 not covered by area in address space KERN: vm_page_fault: vm_soft_fault returned error 'Bad address' on fault at 0x5f666572, ip 0x8012546b, write 0, user 0, thread 0x3b6 KERN: debug_server: Killing team 943 (/boot/apps/Quake2/Quake2) KERN: debug_server: TeamDebugHandler::Init(): Failed to get info for team 943: Operation on invalid team KERN: debug_server: KillTeam(): Error getting info for team 943: Operation on invalid team KERN: debug_server: Killing team 943 () USER: application/x-vnd.id-Quake killed for a problem in DirectConnected(): Operation timed out
follow-ups: 30 34 comment:28 by , 12 years ago
Replying to Giova84:
Hi Kallisti, well done! Now OpenGL apps work ok at full performance! But Quake II still crash as before:
Well, as it doesn't seems to be due to OpenGL kit but to what is done (or not done yet) in Haiku/BeOS port of Quake 2's Sys_MakeCodeWriteable() function.
On other ports, it's calling mprotect() AFAICT. Could you give us from where did you get the Quake2 port crashing here, so one try to follow the lead to the port source code? Thanks.
PS: as it doesn't due to OpenGL Kit, Quake2 being a third party app, maybe this ticket should be closed anyway.
comment:29 by , 12 years ago
Indeed, that part's simply Quake II needing to be adapted to a DEP world.
comment:30 by , 12 years ago
Replying to phoudoin:
Well, as it doesn't seems to be due to OpenGL kit but to what is done (or not done yet) in Haiku/BeOS port of Quake 2's Sys_MakeCodeWriteable() function.
On other ports, it's calling mprotect() AFAICT. Could you give us from where did you get the Quake2 port crashing here, so one try to follow the lead to the port source code? Thanks.
Quake II is available here: http://haikuware.com/directory/view-details/games/3d/quakeii And until 2 months ago i was able to properly start Quake II on Haiku, so this issue could be related to a recent change in some place of Haiku.
follow-up: 36 comment:31 by , 12 years ago
Yes, it's because we now enable hardware DEP on CPUs that support it. Consequently if the app wants to generate code to execute on the fly, it needs to map the area containing that code as executable or the CPU won't allow it.
comment:32 by , 12 years ago
Thank you for the explanation, anevilyak! So, for this issue, should i open a new ticket?
comment:33 by , 12 years ago
If Quake II has a bugtracker, sure. Since it's a third party app, the Haiku bug tracker however isn't the place to be filing tickets against it.
comment:34 by , 12 years ago
After a quick search on Google, seems that a bug tracker for Quake II isn't available.
In anyway, for reply to phoudoin:
Replying to phoudoin:
Could you give us from where did you get the Quake2 port crashing here, so one try to follow the lead to the port source code? Thanks.
Seems that the source code is available here: https://github.com/id-Software/Quake-2 shouldn't be too hard port it again on Haiku?
comment:35 by , 12 years ago
Giova84: It shouldn't be too hard to port again if the code exists. If you want some Haiku programming experience, making a github fork and trying to port it may be good practice :)
Otherwise you'll need to try and talk someone into porting it.
For what it's worth, I re-ported quake3 a while back: https://github.com/kallisti5/quake3
It doesn't run very quickly unless your running the gcc4 image + llvmpipe opengl renderer (which is broken atm, but i'm actively trying to fix that)
comment:36 by , 12 years ago
Replying to anevilyak:
Yes, it's because we now enable hardware DEP on CPUs that support it. Consequently if the app wants to generate code to execute on the fly, it needs to map the area containing that code as executable or the CPU won't allow it.
Would be possible to enable or disable DEP selectively by application ? Windows can do this, and can be useful in many cases.
comment:37 by , 12 years ago
The problem with Quake II is that the runtime loader correctly sets ref_soft.so_seg0ro
protection to read and execute but then Quake II sets its protection to read and write (i.e. in an attempt to make it writable it makes it non-executable).
Disabling DEP might indeed be a good solution. Since we have the comfort of having libroot
I do believe the best way to do this would be to set B_EXECUTE_AREA
for all areas that are created (or have their protection modified) by applications that the runtime loader recognizes as B_HAIKU_ABI_GCC_2_BEOS
.
follow-up: 40 comment:38 by , 11 years ago
Just for the record, since hrev45685 DEP is disabled for applications that runtime loader recognizes as B_HAIKU_ABI_GCC_2_BEOS
or B_HAIKU_ABI_GCC_2_ANCIENT
. For example, that old port of Quake II should work again.
comment:39 by , 11 years ago
Hi pdziepak. nice to know about this implementation! I will test hrev45685 when available on www.haiku-files.org and i will send you a feedback :-)
Does it happen on revs prior to hrev45518?
Curious if this is related to the new ASLR enhancements.