[Bug 251464] OpenBSD 6.7 GPT bootloader causes unemulated instruction in low memory environment

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Nov 29 19:44:30 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251464

            Bug ID: 251464
           Summary: OpenBSD 6.7 GPT bootloader causes unemulated
                    instruction in low memory environment
           Product: Base System
           Version: 12.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bhyve
          Assignee: virtualization at FreeBSD.org
          Reporter: crowston at protonmail.com

I am not able to boot a single-processor OpenBSD install with less than 300 MB
of memory. Such a configuration kills bhyve with an unemulated instruction
abort trap.

For example:

Failed to emulate instruction [0x45 0xf3 0x11 0xa3 0x3b 0x31 0xcf 0x18 0x48
0x74 0xcc 0x11 0xc4 0xb8 0x39] at 0xe9b656b
./start.sh: line 14: 98904 Abort trap              bhyve -c
sockets=1,cores=1,threads=1 -m 256M -H -w -u -s 0,amd_hostbridge -s
1:0,virtio-blk,/dev/zvol/tank0/bhyve/xxxx -s 1:1,virtio-net,tap3 -s
1:2,virtio-rnd -s 31,lpc -l
bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd -l com1,/dev/nmdm3A xxxx

Console output from the guest is

 probing: pc0 com0 com1 mem[640K 233M 16M 20K 4M 64K]
 disk: hd0
 >> OpenBSD/amd64 BOOTX64 3.50
 switching console to com0
 >> OpenBSD/amd64 BOOTX64 3.50
 boot> 
 booting hd0a:/bsd: 12879176+2753552+326368+0+704512 [811997-

If the instruction hex is decoded in long mode, it looks like
0:  45                      rex.RB
1:  f3 11 a3 3b 31 cf 18    repz adc DWORD PTR [rbx+0x18cf313b],esp
8:  48 74 cc                rex.W je 0xffffffffffffffd7
b:  11 c4                   adc    esp,eax
d:  b8                      .byte 0xb8
e:  39                      .byte 0x39

Booting the exact same configuration with 300 MB or 512 MB works correctly.

I am running some patches on top of 12.2-RELEASE, so it's possible I broke
something at some stage. I looked at vmm_instruction_emul.c, but none of the
latest patches look like they add anything to do with rex.RB or repz adc.
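An added example, not from the bug report and not bhyve's own vmm_instruction_emul.c: a minimal Python walker over the prefix, opcode and ModRM bytes of the instruction bhyve printed. It performs the first steps any x86-64 instruction emulator does and shows why the byte string decodes as a dangling rex.RB followed by repz adc: a REX prefix that is not immediately followed by the opcode is ignored by the CPU, which is something compilers never emit, so it is worth checking what the guest RIP actually points at.

```python
# Added example: not the reporter's code nor bhyve's decoder.
# Walks legacy prefixes, REX, opcode and ModRM in 64-bit mode and flags a
# REX prefix that is followed by a legacy prefix (the CPU ignores such a REX).

LEGACY_PREFIXES = {
    0xF0: "lock", 0xF2: "repne", 0xF3: "rep/repz",
    0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x26: "es", 0x64: "fs", 0x65: "gs",
    0x66: "opsize", 0x67: "addrsize",
}

def decode_prefixes(code):
    """Walk legacy and REX prefixes in long mode; return a summary dict."""
    i, legacy, rex, rex_ignored = 0, [], None, False
    while i < len(code):
        b = code[i]
        if b in LEGACY_PREFIXES:
            if rex is not None:          # REX must immediately precede the opcode
                rex_ignored, rex = True, None
            legacy.append(LEGACY_PREFIXES[b])
        elif 0x40 <= b <= 0x4F:          # REX byte: 0100 W R X B
            rex = {"W": b >> 3 & 1, "R": b >> 2 & 1, "X": b >> 1 & 1, "B": b & 1}
        else:
            break                        # first non-prefix byte is the opcode
        i += 1
    return {"legacy": legacy, "rex": rex, "rex_ignored": rex_ignored,
            "opcode_offset": i, "opcode": code[i] if i < len(code) else None}

def decode_modrm(code, opcode_offset):
    """Decode the ModRM byte after a one-byte opcode; disp32 only for mod=10."""
    modrm = code[opcode_offset + 1]
    mod, reg, rm = modrm >> 6, modrm >> 3 & 7, modrm & 7
    disp = None
    if mod == 2:                         # [base + disp32]
        disp = int.from_bytes(code[opcode_offset + 2:opcode_offset + 6],
                              "little", signed=True)
    return {"mod": mod, "reg": reg, "rm": rm, "disp": disp}

# The 15 bytes exactly as printed in the "Failed to emulate instruction" line.
FAULTING_BYTES = bytes([0x45, 0xF3, 0x11, 0xA3, 0x3B, 0x31, 0xCF, 0x18,
                        0x48, 0x74, 0xCC, 0x11, 0xC4, 0xB8, 0x39])

if __name__ == "__main__":
    p = decode_prefixes(FAULTING_BYTES)
    m = decode_modrm(FAULTING_BYTES, p["opcode_offset"])
    print(p)   # rex_ignored=True, legacy=['rep/repz'], opcode=0x11 (adc Ev,Gv)
    print(m)   # reg=4 (esp), rm=3 (rbx), disp=0x18cf313b as in the objdump view
```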
