> I've started looking at this. The most likely source of EFAULT errors
> seemed to be the copyin of args failing but that didn't pan out.

An mdb breakpoint on the set_errno(EFAULT) call in syscall_entry() works for me:
http://cvs.opensolaris.org/source/xref/on/usr/src/uts/intel/ia32/os/syscall.c#240

I'm running qemu like this:

    qemu-system-x86_64 -d int -m 512 -localtime -snapshot sol11.img

and qemu's interrupt trace log in /tmp/qemu.log contains:

[b]
.... lots of output deleted ...
8216: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:00000000febcbaac EAX=0000000000000036
8217: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:00000000febcbac0 EAX=0000000000000036
8218: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee092e5 pc=00000000fee092e5 SP=0043:00000000febcba3c EAX=00000000000000a1
8220: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee099a5 pc=00000000fee099a5 SP=0043:00000000febcbab0 EAX=000000000000008f
8235: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08de5 pc=00000000fee08de5 SP=0043:fffffe80febcbab0 EAX=0000000000000014 <<<<<<<<
8260: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee09325 pc=00000000fee09325 SP=0043:fffffe80febcba80 EAX=00000000000000a4 <<<<<<<<
8285: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee0ab24 pc=00000000fee0ab24 SP=0043:00000000febcba7c EAX=00000000000000a5
8368: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee092c5 pc=00000000fee092c5 SP=0043:00000000febcba4c EAX=00000000000000a2
8369: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee0ab24 pc=00000000fee0ab24 SP=0043:00000000febcba7c EAX=00000000000000a5
8394: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee0af95 pc=00000000fee0af95 SP=0043:00000000febcba68 EAX=00000000000000e1
8403: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:00000000febcba74 EAX=0000000000000036
8407: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08c35 pc=00000000fee08c35 SP=0043:00000000febcba90 EAX=0000000000000006
8408: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:00000000febcbac0 EAX=0000000000000036
8409: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08c35 pc=00000000fee08c35 SP=0043:00000000febcbac0 EAX=0000000000000006
8414: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee09595 pc=00000000fee09595 SP=0043:00000000febcba64 EAX=000000000000006b
8416: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:fffffe80febcbac0 EAX=0000000000000036 <<<<<<<<
[/b]

The upper 32 bits of the RSP register are cleared, but sometimes there is 0xfffffe80 in the upper 32 bits of the stack pointer. In that log there are actually a few system calls with the strange stack pointer, and they didn't fail, but when looking at the EAX register we see that these were system calls that don't have arguments:

[b]
> sysent::print [14]
{
    [14].sy_narg = '\0'    <<<<<<<<
    [14].sy_flags = 0x1
    [14].sy_call = 0
    [14].sy_lock = 0
    [14].sy_callc = getpid
}
> sysent::print [a4]
{
    [a4].sy_narg = '\0'    <<<<<<<<
    [a4].sy_flags = 0
    [a4].sy_call = 0
    [a4].sy_lock = 0
    [a4].sy_callc = lwp_self
}
> sysent::print [36]
{
    [36].sy_narg = '\003'    <<<<<<<<
    [36].sy_flags = 0
    [36].sy_call = 0
    [36].sy_lock = 0
    [36].sy_callc = ioctl
}
[/b]

The last system call with the strange stack pointer and EAX = 0x36 actually has arguments, and is the first one that fails with EFAULT.

--
This message posted from opensolaris.org
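As an added example (not from the original post, nor from qemu or the OpenSolaris sources), a small Python script that applies the same check to qemu `-d int` trace lines: it flags the int 0x91 syscall traps whose stack pointer has nonzero upper 32 bits and looks each syscall number up in a hand-built subset of sysent copied from the mdb output above, so the argument-taking calls (the candidates for the EFAULT) stand out. The trace lines are copied from the post and the sysent subset is a constructed stand-in for the real table.

```python
import re

# Constructed sample: four lines copied from the qemu "-d int" trace in the post.
TRACE = """\
8216: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:00000000febcbaac EAX=0000000000000036
8235: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08de5 pc=00000000fee08de5 SP=0043:fffffe80febcbab0 EAX=0000000000000014
8260: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee09325 pc=00000000fee09325 SP=0043:fffffe80febcba80 EAX=00000000000000a4
8416: v=91 e=0000 i=1 cpl=3 IP=003b:00000000fee08e65 pc=00000000fee08e65 SP=0043:fffffe80febcbac0 EAX=0000000000000036
"""

# Hypothetical subset of sysent: syscall number -> (name, sy_narg), values from the
# mdb "sysent::print" output in the post. A real run would dump the whole table.
SYSENT = {0x14: ("getpid", 0), 0xa4: ("lwp_self", 0), 0x36: ("ioctl", 3)}

# One qemu "-d int" record: sequence number, vector, privilege level, SS:RSP, RAX.
LINE_RE = re.compile(
    r"^(\d+): v=([0-9a-f]+) .*?cpl=(\d) .*?SP=([0-9a-f]+):([0-9a-f]{16}) EAX=([0-9a-f]{16})"
)

def parse_trace(text):
    """Parse qemu interrupt-trace lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        seq, vec, cpl, _ss, sp, eax = m.groups()
        events.append({"seq": int(seq), "vector": int(vec, 16), "cpl": int(cpl),
                       "sp": int(sp, 16), "sysnum": int(eax, 16)})
    return events

def suspicious_syscalls(events, sysent=SYSENT):
    """Return (seq, sysnum, name, narg, takes_args) for each user-mode int 0x91 trap
    whose stack pointer has a nonzero upper 32 bits (0xfffffe80 in the post's log)."""
    out = []
    for ev in events:
        if ev["vector"] != 0x91 or ev["cpl"] != 3:
            continue
        if (ev["sp"] >> 32) == 0:
            continue  # well-formed 32-bit stack pointer, nothing to flag
        name, narg = sysent.get(ev["sysnum"], ("?", None))
        # As the post observes, only the calls that actually take arguments fail
        # with EFAULT; argument-less ones (getpid, lwp_self) go through unharmed.
        out.append((ev["seq"], ev["sysnum"], name, narg, bool(narg)))
    return out

if __name__ == "__main__":
    for seq, num, name, narg, takes_args in suspicious_syscalls(parse_trace(TRACE)):
        print(f"{seq}: syscall 0x{num:x} ({name}, narg={narg}) bad RSP, EFAULT candidate={takes_args}")
```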
