Bug 17924 - Xorg 1.5.1 SEGV on Solaris 10
Summary: Xorg 1.5.1 SEGV on Solaris 10
Alias: None
Product: xorg
Classification: Unclassified
Component: Lib/pciaccess (show other bugs)
Version: 7.4 (2008.09)
Hardware: x86 (IA32) Solaris
: high critical
Assignee: Alan Coopersmith
QA Contact: Xorg Project Team
Whiteboard: 2011BRB_Reviewed
Depends on:
Reported: 2008-10-06 04:17 UTC by Pat Kane
Modified: 2011-10-09 10:21 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Description Pat Kane 2008-10-06 04:17:29 UTC
# mdb ./Xorg

X.Org X Server 1.5.1
Release Date: 23 September 2008
X Protocol Version 11, Revision 0
Build Operating System: SunOS 5.10 i86pc
Current Operating System: SunOS ultra20m2 5.10 i86pc
Build Date: 03 October 2008  11:09:25AM

        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/big/homea/kane/HgRepo386/Xorg/var/log/Xorg.0.log",
Time: Fri Oct  3 10:24:40 2008
(EE) Unable to locate/open config file
mdb: stop on SIGSEGV
mdb: target stopped at:
libpciaccess.so.0`probe_dev+0x328:      movb   %al,0xec(%ecx,%edx)
> $C
08047bd8 libpciaccess.so.0`probe_dev+0x328(e, 8047c10, 8245540, fef83f49)
08047c48 libpciaccess.so.0`do_probe+0x8d(e, 8245540, fefb07e8, fef839f1)
08047c78 libpciaccess.so.0`pci_system_solx_devfs_create+0x106(59,
8218600, 8047c98, 80d26d9, 0, 8218600)
08047c88 libpciaccess.so.0`pci_system_init+0x1f(0, 8218600, 8047cd8,
80e866f, 821ac00, 6)
08047c98 xf86scanpci+0x1f(821ac00, 6, 0, 8047e48, 821b3c0, 8218600)
08047cd8 xf86PciProbe+0x26(8218600)
08047ce8 xf86BusProbe+0x18(fefdeb56, feffa288, 8047e48, 8243be0,
8218600, 8047d60)
08047d78 InitOutput+0x157(8244760, 1, 8047e00, 809a68a)
08047ddc main+0x397(1, 8047e00, 8047e08)
08047df4 _start+0x80(1, 8047eb0, 0, 8047eb5, 8047ec9, 8047ed6)
> $?
process id = 18649
SIGSEGV: Segmentation Fault
%cs = 0x003b            %eax = 0x0000006b
%ds = 0x0043            %ebx = 0xfef94b84
%ss = 0x0043            %ecx = 0x000121c8
%es = 0x0043            %edx = 0x0824ad88
%fs = 0x0000            %esi = 0x08245540
%gs = 0x01c3            %edi = 0x08047e48

 %eip = 0xfef83f0f libpciaccess.so.0`probe_dev+0x328
 %ebp = 0x08047bd8
%kesp = 0x00000000

%eflags = 0x00010212
  id=0 vip=0 vif=0 ac=0 vm=0 rf=1 nt=0 iopl=0x0

   %esp = 0x08047b80
%trapno = 0xe
   %err = 0x6
> 0xfef83f0f::dis
libpciaccess.so.0`probe_dev+0x306:      movl   0x10(%ebp),%eax
libpciaccess.so.0`probe_dev+0x309:      movl   0x4(%eax),%edx
libpciaccess.so.0`probe_dev+0x30c:      movl   %edx,%eax
libpciaccess.so.0`probe_dev+0x30e:      shll   $0x5,%eax
libpciaccess.so.0`probe_dev+0x311:      addl   %edx,%eax
libpciaccess.so.0`probe_dev+0x313:      leal   0x0(,%eax,8),%ecx
libpciaccess.so.0`probe_dev+0x31a:      movl   0x8(%esi),%edx
libpciaccess.so.0`probe_dev+0x31d:      movl   -0x3c(%ebp),%eax
libpciaccess.so.0`probe_dev+0x320:      andl   $0xff0000,%eax
libpciaccess.so.0`probe_dev+0x325:      shrl   $0x10,%eax
libpciaccess.so.0`probe_dev+0x328:      movb   %al,0xec(%ecx,%edx)    <---
libpciaccess.so.0`probe_dev+0x32f:      movl   0x10(%ebp),%eax
libpciaccess.so.0`probe_dev+0x332:      incl   0x4(%eax)
libpciaccess.so.0`probe_dev+0x335:      cmpb   $0x0,-0x3a(%ebp)
Comment 1 Pat Kane 2008-11-19 06:01:03 UTC
The SEGV only happens when running a 64bit Solaris kernel,
when I boot a 32bit kernel I do not see the problem.

Do I need to compile Xorg for 64bit mode?

Comment 2 Pat Kane 2008-11-20 09:52:42 UTC
I just started to use the libpciaccess from current git
and have the same problem.

My debug shows that this ioctl in solx_devfs.c:

       if (((rval = ioctl(nexus->fd, PCITOOL_DEVICE_GET_REG, prg_p)) != 0) ||
           (prg_p->data == 0xffffffff)) {

is returning bogus data when  prg_p->bus_no  is greater than 127
(I get an APIC error in the console log).

Could this be a bug in the 508 Solaris 10 kernel?

I now have a workaround by not probing bus no's > 127

Comment 3 Jeremy Huddleston Sequoia 2011-10-09 03:38:23 UTC
Over to the Sun God
Comment 4 Alan Coopersmith 2011-10-09 10:21:19 UTC
Honestly, I didn't even think Solaris 10 supported all the PCITOOL ioctls
that libpciaccess uses - perhaps I was just remembering that they needed
work to be able to be correctly & safely used.   From the OS maker point
of view, we ship Xorg 1.3 in Solaris 10, since it does not require 
libpciaccess or HAL, neither of which we ever backported to Solaris 10.

Making it not scan invalid bus id's should be fixed now though:

commit 5bf4b32c2b3844c50e720be5820f2ce657ddea12
Author: Alan Coopersmith <alan.coopersmith@sun.com>
Date:   Thu Jan 22 16:14:22 2009 -0800

    Solaris: Use bus-range properties to limit busses scanned on each node

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.