Bug 28485 - s3virge driver segfaults with PROBE_DETECT
Summary: s3virge driver segfaults with PROBE_DETECT
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/s3virge (show other bugs)
Version: git
Hardware: x86 (IA32) Linux (All)
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Whiteboard: 2011BRB_Reviewed
Depends on:
Reported: 2010-06-10 07:27 UTC by Fernando Carrijo
Modified: 2018-08-10 20:45 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

All the aforementioned logs (6.12 KB, application/x-gzip)
2010-06-10 07:27 UTC, Fernando Carrijo
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Fernando Carrijo 2010-06-10 07:27:16 UTC
Created attachment 36202 [details]
All the aforementioned logs

Running the X Server with "sudo /opt/xorg/bin/Xorg :1 -configure -verbose" causes the the s3virge driver to segfault during system probe. The corresponding log file is attached as Xorg.1.log.

Running the X Server with "sudo startx -- /opt/xorg/bin/Xorg :1 -verbose" does not cause the s3virge driver to segfault, albeit it renders the screen garbled and logs an error message related to IA-32 MTRR registers. That message can be found attached in Xorg.2.log.

Both the X Server and the s3virge driver are unstable versions cloned from the official Freedesktop's git repositories, whose SHAs are 8e97e5f9425639a and 11fc32f5f06d20c respectively.

Attached is also the output of lspci.
Comment 1 Fernando Carrijo 2010-06-10 07:38:58 UTC
By the way, I configured the X Server for compilation with:

autogen.sh --prefix=/opt/xorg

For the s3virge driver, I just used --prefix=/opt/xorg
Comment 2 Jeremy Huddleston Sequoia 2011-10-16 14:57:48 UTC
[153078.634] 0: /opt/xorg/bin/Xorg (xorg_backtrace+0x3b) [0x80fdc6b]
[153078.634] 1: /opt/xorg/bin/Xorg (0x8048000+0x71a15) [0x80b9a15]
[153078.634] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0x507410]
[153078.635] 3: /opt/xorg/lib/xorg/modules/drivers/s3virge_drv.so 
(0x188000+0x6498) [0x18e498]
[153078.635] 4: /opt/xorg/bin/Xorg (xf86CallDriverProbe+0x8a) [0x80bb88a]
[153078.635] 5: /opt/xorg/bin/Xorg (DoConfigure+0x1cc) [0x80c888c]
[153078.640] 6: /opt/xorg/bin/Xorg (InitOutput+0xef5) [0x80be5f5]
[153078.640] 7: /opt/xorg/bin/Xorg (main+0x1c6) [0x806f8c6]
[153078.641] 8: /lib/tls/i686/cmov/libc.so.6 (__libc_start_main+0xe6) [0xa55bd6]
[153078.641] 9: /opt/xorg/bin/Xorg (0x8048000+0x27661) [0x806f661]
[153078.642] Segmentation fault at address (nil)

Looks like PROBE_DETECT might not be working for s3virge.

If you can figure out exactly where frame 3 is, that would help.

Is this still crashing?

What version (server or driver) introduced these issues?  Can you bisect to the 
commit that introduced this?
Comment 3 Satoshi KImura 2012-01-14 20:29:02 UTC
 The similar trouble was reproduced on following environment.
PC : AT compatible PC (M/B : Supermicro P3TDL3)
Video Card : S3 Virge 86C325 4MB (I-O DATA GA-PG3D4/PCI)
OS : FreeBSD 8.2
X Server : 1.7.7
driver : xf86-video-s3virge-1.10.4 or getting by git at 2012-01-13,

% git clone git://anongit.freedesktop.org/xorg/driver/xf86-video-s3virge

 When run X Server, segmentation fault occur and freeze with OS.
This trouble were made on s3v_driver.c at the function from
find_bios_string() to pci_device_read_rom(), so I attempt to
modify according to the function mga_read_and_process_bios() (mga_bios.c)
as follows:

--- src/s3v_driver.c.orig   2012-01-13 01:32:57.000000000 +0900
+++ src/s3v_driver.c        2012-01-15 12:37:26.000000000 +0900
@@ -317,10 +317,10 @@

 static unsigned char *find_bios_string(S3VPtr ps3v, int BIOSbase, char *match1,
 char *match2)
-#define BIOS_BSIZE 1024
+#define BIOS_BSIZE 0x20000
 #define BIOS_BASE  0xc0000

-   static unsigned char bios[BIOS_BSIZE];
+   CARD8 bios[BIOS_BSIZE];
    static int init=0;
    int i,j,l1,l2;

 So driver works without trouble. I cannot determine suitable size,
but the value 2048, 4096 were not enough on My PC. Also I don't know
why original bios array are not auto but static.

 I think that s3 driver (xf86-video-s3) may reprodude the same trouble
on s3_bios.c, since BIOS_BSIZE is also 1024. (BIOS_BSIZE was set in s3.h)
Comment 4 Satoshi KImura 2012-02-02 07:28:39 UTC
Sorry, array "bios" is to be static in this driver.
Comment 5 Christoph Bauer 2012-12-13 17:55:45 UTC
Thanks for the patch. Without I couldn't start X, because of a segfault.
Comment 6 GitLab Migration User 2018-08-10 20:45:53 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/driver/xf86-video-s3virge/issues/1.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.