[Bug 285853] hv_hid: kernel built with -O0 panics in hv_hid_probe()
Date: Thu, 19 Feb 2026 15:20:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285853
Zhenlei Huang <zlei@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |zlei@FreeBSD.org
--- Comment #2 from Zhenlei Huang <zlei@FreeBSD.org> ---
(In reply to Lexi Winter from comment #0)
> (kgdb) disass hv_hid_probe
> Dump of assembler code for function hv_hid_probe:
> 0xffffffff83d11000 <+0>: add %al,(%rax)
> 0xffffffff83d11002 <+2>: add %al,(%rax)
> 0xffffffff83d11004 <+4>: add %al,(%rax)
> 0xffffffff83d11006 <+6>: add %al,(%rax)
> 0xffffffff83d11008 <+8>: add %al,(%rax)
> 0xffffffff83d1100a <+10>: add %al,(%rax)
That disassembly looks weird to me. In the x86_64 ABI, the rax register is used to
stash a return value. Typically the start of a function, say `hv_hid_probe()` in
this case, would save registers rather than first operate on rax.
The rax,
> rax: ffffffff83d11000 rbx: 000019e97c87cf20 rbp: fffffe0092594790
is the address of the function hv_hid_probe(), but `add %al,(%rax)` wants to
write 1 byte to (%rax), which is absolutely wrong to me. On loading a module,
the linker will set write protection for the .text section, hence you got
> fault code = supervisor write data, protection violation
which is a runtime exception.
My local kernel config is almost identical to yours,
```
zlei@:~/freebsd-src-releng-15.0 % cat sys/amd64/conf/GENERIC-NOOPT
#
# GENERIC-NOOPT -- disable compiler optimize
#
include GENERIC
ident GENERIC-NOOPT
makeoptions COPTFLAGS="-O0 -fno-strict-aliasing"
options KSTACK_PAGES=20
```
And the disassembly looks good to me,
```
zlei@:~ % objdump --disassemble-symbols=hv_hid_probe /usr/obj/usr/home/zlei/freebsd-src-releng-15.0/amd64.amd64/sys/GENERIC-NOOPT/modules/usr/home/zlei/freebsd-src-releng-15.0/sys/modules/hyperv/hid/hv_hid.ko
/usr/obj/usr/home/zlei/freebsd-src-releng-15.0/amd64.amd64/sys/GENERIC-NOOPT/modules/usr/home/zlei/freebsd-src-releng-15.0/sys/modules/hyperv/hid/hv_hid.ko: file format elf64-x86-64
Disassembly of section .text:
0000000000000000 <hv_hid_probe>:
0: 55 pushq %rbp
1: 48 89 e5 movq %rsp, %rbp
4: 41 57 pushq %r15
6: 41 56 pushq %r14
8: 53 pushq %rbx
9: 50 pushq %rax
a: 48 89 fb movq %rdi, %rbx
d: e8 00 00 00 00 callq 0x12 <hv_hid_probe+0x12>
12: 48 89 c7 movq %rax, %rdi
15: 31 f6 xorl %esi, %esi
17: e8 00 00 00 00 callq 0x1c <hv_hid_probe+0x1c>
1c: 41 be 06 00 00 00 movl $0x6, %r14d
22: 85 c0 testl %eax, %eax
24: 75 62 jne 0x88 <hv_hid_probe+0x88>
26: 48 89 df movq %rbx, %rdi
29: e8 00 00 00 00 callq 0x2e <hv_hid_probe+0x2e>
2e: 49 89 c7 movq %rax, %r15
31: 48 8b 08 movq (%rax), %rcx
34: 0f b6 15 00 00 00 00 movzbl (%rip), %edx # 0x3b <hv_hid_probe+0x3b>
3b: 48 8b 04 d1 movq (%rcx,%rdx,8), %rax
3f: 48 81 38 00 00 00 00 cmpq $0x0, (%rax)
46: 74 17 je 0x5f <hv_hid_probe+0x5f>
48: 48 8d 34 d1 leaq (%rcx,%rdx,8), %rsi
4c: 48 8b b9 00 08 00 00 movq 0x800(%rcx), %rdi
53: 48 c7 c2 00 00 00 00 movq $0x0, %rdx
5a: e8 00 00 00 00 callq 0x5f <hv_hid_probe+0x5f>
5f: 4c 89 ff movq %r15, %rdi
62: 48 89 de movq %rbx, %rsi
65: 48 c7 c2 00 00 00 00 movq $0x0, %rdx
6c: ff 50 08 callq *0x8(%rax)
6f: 85 c0 testl %eax, %eax
71: 75 15 jne 0x88 <hv_hid_probe+0x88>
73: 48 89 df movq %rbx, %rdi
76: 48 c7 c6 00 00 00 00 movq $0x0, %rsi
7d: e8 00 00 00 00 callq 0x82 <hv_hid_probe+0x82>
82: 41 be ec ff ff ff movl $0xffffffec, %r14d # imm = 0xFFFFFFEC
88: 44 89 f0 movl %r14d, %eax
8b: 48 83 c4 08 addq $0x8, %rsp
8f: 5b popq %rbx
90: 41 5e popq %r14
92: 41 5f popq %r15
94: 5d popq %rbp
95: c3 retq
96: 66 2e 0f 1f 84 00 00 00 00 00 nopw %cs:(%rax,%rax)
```
Can you please also check the disassembly of the module hv_hid.ko?
--
You are receiving this mail because:
You are the assignee for the bug.
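
An added example, not part of the original message or the FreeBSD source: a small Python script for the check requested above, reading a function's bytes straight from the on-disk `hv_hid.ko` and reporting whether they are all zero (the byte pair `00 00` is what disassembles as `add %al,(%rax)`) or begin with the `pushq %rbp` seen in the good build. The names `symbol_bytes` and `classify` are made up for this example, and it assumes an ELF64 little-endian file that still carries a symbol table.

```python
import struct
import sys

SHT_SYMTAB, SHT_NOBITS = 2, 8

def symbol_bytes(elf: bytes, name: str) -> bytes:
    """Return the file bytes backing symbol `name` in an ELF64 little-endian object."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    # Section header fields: name, type, flags, addr, offset, size, link, info, align, entsize
    secs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize) for i in range(shnum)]
    for sec in secs:
        if sec[1] != SHT_SYMTAB:
            continue
        strtab = secs[sec[6]][4]  # sh_link of a symtab names its string table section
        for off in range(sec[4], sec[4] + sec[5], 24):
            st_name, _, _, shndx, value, size = struct.unpack_from("<IBBHQQ", elf, off)
            start = strtab + st_name
            if elf[start:elf.index(b"\0", start)] != name.encode():
                continue
            if shndx == 0 or shndx >= len(secs) or secs[shndx][1] == SHT_NOBITS:
                raise ValueError(f"{name} has no bytes in this file")
            home = secs[shndx]
            # st_value is a section offset in a relocatable object (sh_addr == 0)
            # and a virtual address otherwise; this expression covers both.
            begin = home[4] + value - home[3]
            return elf[begin:begin + size]
    raise KeyError(name)

def classify(code: bytes) -> str:
    """Coarse verdict on a function body: is it real code or zero fill?"""
    if not code:
        return "empty"
    if not any(code):
        return "zero-filled"  # each 00 00 pair disassembles as add %al,(%rax)
    if code[0] == 0x55:
        return "push-rbp-prologue"  # the pushq %rbp seen in the good build
    return "other"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_sym.py <module.ko> <symbol>")
    with open(sys.argv[1], "rb") as f:
        code = symbol_bytes(f.read(), sys.argv[2])
    print(f"{sys.argv[2]}: {len(code)} bytes, {classify(code)}, starts {code[:8].hex(' ')}")
```

A "zero-filled" verdict on the file points at the build output; a normal prologue on disk next to the zeroed bytes seen in kgdb points at what happens when the module is loaded.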