bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
From: tobiasu%tmux.org@localhost
Date: Sun, 19 May 2019 20:50:00 +0000 (UTC)

>Number:         54220
>Category:       bin
>Synopsis:       cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 19 20:50:00 +0000 2019
>Originator:     Tobias Ulmer
>Release:        NetBSD 8.99.40
>Organization:
>Environment:
NetBSD phenom.tmux.org 8.99.40 NetBSD 8.99.40 (GENERIC) #0: Wed May 15 04:39:52 UTC 2019  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
root@phenom:cpuctl$ obj/cpuctl identify 0
cpu0: highest basic info 00000006
cpu0: highest extended info 8000001b
cpu0: "AMD Phenom(tm) II X6 1100T Processor"
cpu0: AMD Family 10h (686-class), 3498.22 MHz
cpu0: family 0x10 model 0xa stepping 0 (id 0x100fa0)
cpu0: features 0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
cpu0: features 0x178bfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
cpu0: features1 0x802009<SSE3,MONITOR,CX16,POPCNT>
cpu0: features2 0xefd3fbff<SYSCALL/SYSRET,NOX,MMXX,MMX,FXSR,FFXSR,P1GB,RDTSCP>
cpu0: features2 0xefd3fbff<LONG,3DNOW2,3DNOW>
cpu0: features3 0x37ff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
cpu0: features3 0x37ff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,SKINIT,WDT>
cpu0: I-cache 64KB 64B/line 2-way, D-cache 64KB 64B/line 2-way
cpu0: L2 cache 512KB 64B/line 16-way
cpu0: L3 cache 6MB 64B/line 48-way
cpu0: ITLB 32 4KB entries fully associative, 16 2MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 2MB entries fully associative
cpu0: L2 ITLB 512 4KB entries 4-way
cpu0: L2 DTLB 512 4KB entries 4-way, 128 2MB entries 2-way
cpu0: L1 1GB page DTLB 48 1GB entries fully associative
cpu0: L2 1GB page DTLB 16 1GB entries 8-way
cpu0: Initial APIC ID 0
Memory fault (core dumped)
root@phenom:cpuctl$ gdb ./obj/cpuctl ./cpuctl.core
GNU gdb (GDB) 8.0.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./obj/cpuctl...done.
[New process 1]
Core was generated by `cpuctl'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000114606d3b in rdmsr ()
(gdb) disassemble 
Dump of assembler code for function rdmsr:
   0x0000000114606d30 <+0>:     mov    %rdi,%rcx
   0x0000000114606d33 <+3>:     xor    %rax,%rax
   0x0000000114606d36 <+6>:     mov    $0x9c5a203a,%edi
=> 0x0000000114606d3b <+11>:    rdmsr  
   0x0000000114606d3d <+13>:    shl    $0x20,%rdx
   0x0000000114606d41 <+17>:    or     %rdx,%rax
   0x0000000114606d44 <+20>:    retq   
End of assembler dump.
(gdb) bt
#0  0x0000000114606d3b in rdmsr ()
#1  0x00000001146068a6 in identifycpu_cpuids_amd (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:1963
#2  identifycpu_cpuids (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:2011
#3  identifycpu (fd=3, cpuname=0x7f7fff607860 "cpu0") at /usr/src/usr.sbin/cpuctl/arch/i386.c:2247
#4  0x0000000114603286 in cpu_identify (argv=0x7f7fff607928) at /usr/src/usr.sbin/cpuctl/cpuctl.c:288
#5  0x0000000114606df4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/usr.sbin/cpuctl/cpuctl.c:117
(gdb) info registers
rax            0x0      0
rbx            0x7f7fff607860   140187722086496
rcx            0xc001001f       3221291039
rdx            0x178bfbff       395049983
rsi            0x7f7fff6074a0   140187722085536
rdi            0x9c5a203a       2623152186
rbp            0x7f7fff607860   0x7f7fff607860
rsp            0x7f7fff607438   0x7f7fff607438
r8             0x0      0
r9             0x1      1
r10            0x0      0
r11            0x206    518
r12            0x4      4
r13            0x0      0
r14            0x3      3
r15            0x10     16
rip            0x114606d3b      0x114606d3b <rdmsr+11>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x47     71
ss             0x3f     63
ds             0x23     35
es             0x23     35
fs             0x0      0
gs             0x0      0
(gdb)


Note that rdmsr() is only called for family 0x10 and older:
http://anonhg.netbsd.org/src/file/tip/usr.sbin/cpuctl/arch/i386.c#l1962

AMD documentation is pretty clear this is a ring 0 instruction only,
but maybe some registers are ok on some models? It fails on this CPU anyway.
>How-To-Repeat:

>Fix:

Follow-Ups:
- Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
  - From: Masanobu SAITOH

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: Re: bin/54220 (cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor)
Previous by Thread: Re: kern/54219 (zpool create pool dk5 causes kernel panic)
Next by Thread: Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
Indexes:

Home | Main Index | Thread Index | Old Index