Subject: Re: Xig & Neomagic & Freebsd & current ...
To: None <Havard.Eidnes@runit.sintef.no>
From: None <rvb@sicily.odyssey.cs.cmu.edu>
List: port-i386
Date: 08/09/1998 15:55:18
You have definitely identified the problem.  (That open'ing /dev/mem
for reading does not allow it to be mmap'ed for read/write -- it used
to.)  But your solution is MUCH TO COMPLICATED for the average user.

I looked at the actual freebsd mmap routine.  They make special
allowances for the Xig case.  I suggest that we make the same kind of
change in the freebsd emulated code so sys_freebsd_mmap() will take
care of things then call sys_mmap().

Any objections?


Havard.Eidnes@runit.sintef.no writes:

> ----Next_Part(Sun_Aug__9_15:35:18_1998)--
> Content-Type: Text/Plain; charset=iso-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> > Is anyone running -current (7/7 or later) on a laptop with a neomagic
> > chip set and the emulated Xig freebsd software.  This worked fine for
> > me under 1.3 and doesn't get started at all under -current.
> 
> I'm in a similar situation, and I got som help from Dave Huang to
> solve this problem.  The problem is that the X server opens /dev/mem
> read-only, and then proceeds to write into the memory area.  The
> recipe for doing a binary patch follows attached below.
> 
> - H=E5vard
> 
> ----Next_Part(Sun_Aug__9_15:35:18_1998)--
> Content-Type: Text/Plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> Here's an idea... I don't know if it'll actually work, but it's worth a
> try :) First find where the string "/dev/mem" occurs in the exe (which
> you've already done :) In my example, I'm using the FreeBSD 4.1 demo
> server:
> 
> % strings -t x Xaccel | grep /dev/mem
> 000e800 /dev/mem
> 000e809 Couldn't open "/dev/mem"
> 
> On the i386, a.out binaries are apparently loaded at 0x1000. So, 0xe800
> in the file would end up at 0xf800 in memory. Use objdump or some other
> disassembler to see where 0xf800 is referenced. For some reason, objdump
> doesn't get the load address correct for FreeBSD binaries; it assumes
> the text segment ends up at address 0. You can use the --adjust-vma
> option to fix this though. (0x1020 because the a.out exec header is 0x20
> bytes long and the text segment seems to always come right after that.
> Also, see bytes 0x14 through 0x17 of the executable)
> 
> % objdump -d --adjust-vma=0x1020 Xaccel > Xaccel.s
> % grep -n 0xf800 Xaccel.s
> 24579:    f844: 68 00 f8 00 00  pushl  $0xf800
> 233741:   8c127:        00 a1 00 00 00  addb   %ah,0xf8000000(%ecx)
> 239214:   8f26b:        00 05 02 00 00  addb   %al,0xf8000002
> 
> So, it's only referenced at one place... take a look around there...
> 
> % less +24574 Xaccel.s
>     f838:       53              pushl  %ebx
>     f839:       83 3d dc f3 09  cmpl   $0xffffffff,0x9f3dc
>     f83e:       00 ff
>     f840:       75 2e           jne    f870
>     f842:       6a 00           pushl  $0x0
>     f844:       68 00 f8 00 00  pushl  $0xf800
>     f849:       e8 3e d9 08 00  call   9d18c
>     f84e:       a3 dc f3 09 00  movl   %eax,0x9f3dc
>     f853:       83 c4 08        addl   $0x8,%esp
>     f856:       83 f8 ff        cmpl   $0xffffffff,%eax
>     f859:       75 15           jne    f870
>     f85b:       68 09 f8 00 00  pushl  $0xf809
>     f860:       e8 4b 20 04 00  call   518b0
> 
> That looks like the one to me... f842 pushes the flags to the open call
> (O_RDONLY), f844 pushes the pointer to the pathname ("/dev/mem"), and
> f849 calls open(). Also, if you look a bit after that, you can see that
> if the call returns -1, it pushes 0xf809, the address of the "Couldn't
> open "/dev/mem"" message and calls some routine... maybe perror() or
> something. Anyways, you want to change the "pushl $0x0" to "pushl $0x2",
> so for the Xaccel 4.1 demo, you'd change byte 0xe843 of the binary from
> 0 to 2.
> 
> --------------------
> 
> > snylteveps# objdump -d --adjust-vma=0x1020 Xaccel > Xaccel.s
> > objdump: Xaccel: File format not recognized
> > snylteveps#
> 
> You may need to reconfigure and rebuild objdump with
> configure --enable-targets=all for it to recognize FreeBSD binaries...
> My objdump --help reports:
> 
> objdump: supported targets: a.out-i386-netbsd a.out-i386-bsd a.out-i386
> msdos pe-i386 pei-i386 elf32-i386 a.out-i386-linux srec symbolsrec
> tekhex binary ihex
> 
> objdump claims the FreeBSD binary I tried was of type "a.out-i386"
> 
> --------------------
> 
> ----Next_Part(Sun_Aug__9_15:35:18_1998)----