Subject: port-i386/14380: i386 kernel crashes in identifycpu() on Pentium III (Tualatin)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <naoto@morishima.net>
List: netbsd-bugs
Date: 10/28/2001 07:58:53
>Number:         14380
>Category:       port-i386
>Synopsis:       i386 kernel crashes in identifycpu() on Pentium III (Tualatin)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 28 08:00:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Naoto Morishima
>Release:        NetBSD-current 20011028
>Organization:
Nara Institute of Science and Technology
>Environment:
NetBSD chamomile.morishima.net 1.5Y NetBSD 1.5Y (CHAMOMILE) #8: Sun Oct 28 10:44:00 JST 2001 moley@chamomile.morishima.net:/usr/src/sys/arch/i386/compile/CHAMOMILE i386
>Description:
When using a Pentium III (Tualatin) box, the NetBSD-current kernel crashes
in identifycpu().  This is caused under the following conditions:

 1) using a 686-class cpu for which the kernel does not have a string in
    cpu_models in i386_cpuid_cpus, e.g. Pentium III (Tualatin).
 2) using a kernel whose arch/i386/i386/machdep.c has revision 1.454
    or later.

Under condition 1), name is NULL in identifycpu(), and should
be set to the default value, i.e. cpufam->cpu_models[CPU_DEFMODEL].  The
cpu_models array of cpu_cpuid_nameclass is supposed to have
17 members (CPU_MAXMODEL + 2), but there are only 16 members in the case
of CPUCLASS_686!

In identifycpu() in 2), *name is referenced in snprintf, which makes
the kernel crash under condition 1).
>How-To-Repeat:
see above.
>Fix:
cpu_models of cpu_cpuid_nameclass should have 17 members.
A patch to fix the problem might look like this:

Index: machdep.c
===================================================================
RCS file: /cvsroot/syssrc/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.457
diff -r1.457 machdep.c
710,711c710,711
<                               0, "Pentium III (Cascades)", 0, 0,
<                               0, 0,
---
>                               0, "Pentium III (Cascades)",
>                               "Pentium III (Tualatin)", 0, 0, 0, 0,
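
Review bot: The replacement for lines 710,711 corrects the member count by adding one more positional initializer, which leaves the table one miscounted entry away from the same NULL default. The new "Pentium III (Tualatin)" string sits directly after "Pentium III (Cascades)", and the two lines now carry seven entries where they carried six. Alongside this change, consider guarding identifycpu() so that a NULL name is never handed to snprintf, and annotating these lines with the model slot each entry fills so that the 17-member requirement (CPU_MAXMODEL + 2) can be checked by reading the table.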

>Release-Note:
>Audit-Trail:
>Unformatted:
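
The failure mode described in this report, reduced to a stand-alone C program as an added example (it is not code from the PR or from NetBSD's machdep.c). The struct, the table contents and format_model() are constructed for illustration; CPU_MAXMODEL = 15 follows from the report's "17 members (CPU_MAXMODEL + 2)", and placing CPU_DEFMODEL in the last slot is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define CPU_MAXMODEL 15                 /* model numbers 0..15 */
#define CPU_DEFMODEL (CPU_MAXMODEL + 1) /* assumed: last slot holds the default */
#define NMODELS      (CPU_MAXMODEL + 2) /* 17 entries, as the report requires */

/* Constructed stand-in for one family entry; not the NetBSD structure. */
struct family { const char *cpu_models[NMODELS]; };

/* One entry short: 16 initializers, so C zero-fills slot 16 and the
 * intended default string lands in slot 15 instead. Names are constructed. */
static const struct family short_table = {{
    0, "m1", 0, "m3", 0, "m5", "m6", "m7", "m8", 0, "m10", 0, 0, 0, 0,
    "generic 686-class"
}};

/* Designated initializers pin each name to its slot, so nothing can shift. */
static const struct family fixed_table = {{
    [1] = "m1", [3] = "m3", [5] = "m5", [6] = "m6", [7] = "m7", [8] = "m8",
    [10] = "m10", [CPU_DEFMODEL] = "generic 686-class"
}};

/* Lookup as the report describes it: no name for the model means default. */
static const char *model_name(const struct family *f, unsigned model)
{
    const char *name = (model <= CPU_MAXMODEL) ? f->cpu_models[model] : NULL;
    if (name == NULL)
        name = f->cpu_models[CPU_DEFMODEL];
    return name;                        /* NULL again if the table is short */
}

/* Guarded formatting: a NULL name is reported, never passed to "%s". */
static int format_model(char *buf, size_t len, const struct family *f, unsigned model)
{
    const char *name = model_name(f, model);
    if (name == NULL)
        return snprintf(buf, len, "unknown 686-class (model %u)", model);
    return snprintf(buf, len, "%s", name);
}

int main(void)
{
    char buf[64];
    format_model(buf, sizeof buf, &short_table, 11);   /* model 11 has no name */
    printf("short table: %s\n", buf);
    format_model(buf, sizeof buf, &fixed_table, 11);
    printf("fixed table: %s\n", buf);
    return strcmp(buf, "generic 686-class") != 0;
}
```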