NetBSD-Bugs archive


Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor



On 2019/05/20 5:50, tobiasu%tmux.org@localhost wrote:
>> Number:         54220
>> Category:       bin
>> Synopsis:       cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
>> Confidential:   no
>> Severity:       serious
>> Priority:       medium
>> Responsible:    bin-bug-people
>> State:          open
>> Class:          sw-bug
>> Submitter-Id:   net
>> Arrival-Date:   Sun May 19 20:50:00 +0000 2019
>> Originator:     Tobias Ulmer
>> Release:        NetBSD 8.99.40
>> Organization:
>> Environment:
> NetBSD phenom.tmux.org 8.99.40 NetBSD 8.99.40 (GENERIC) #0: Wed May 15 04:39:52 UTC 2019  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>> Description:
> root@phenom:cpuctl$ obj/cpuctl identify 0
> cpu0: highest basic info 00000006
> cpu0: highest extended info 8000001b
> cpu0: "AMD Phenom(tm) II X6 1100T Processor"
> cpu0: AMD Family 10h (686-class), 3498.22 MHz
> cpu0: family 0x10 model 0xa stepping 0 (id 0x100fa0)
> cpu0: features 0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
> cpu0: features 0x178bfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
> cpu0: features1 0x802009<SSE3,MONITOR,CX16,POPCNT>
> cpu0: features2 0xefd3fbff<SYSCALL/SYSRET,NOX,MMXX,MMX,FXSR,FFXSR,P1GB,RDTSCP>
> cpu0: features2 0xefd3fbff<LONG,3DNOW2,3DNOW>
> cpu0: features3 0x37ff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
> cpu0: features3 0x37ff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,SKINIT,WDT>
> cpu0: I-cache 64KB 64B/line 2-way, D-cache 64KB 64B/line 2-way
> cpu0: L2 cache 512KB 64B/line 16-way
> cpu0: L3 cache 6MB 64B/line 48-way
> cpu0: ITLB 32 4KB entries fully associative, 16 2MB entries fully associative
> cpu0: DTLB 48 4KB entries fully associative, 48 2MB entries fully associative
> cpu0: L2 ITLB 512 4KB entries 4-way
> cpu0: L2 DTLB 512 4KB entries 4-way, 128 2MB entries 2-way
> cpu0: L1 1GB page DTLB 48 1GB entries fully associative
> cpu0: L2 1GB page DTLB 16 1GB entries 8-way
> cpu0: Initial APIC ID 0
> Memory fault (core dumped)
> root@phenom:cpuctl$ gdb ./obj/cpuctl ./cpuctl.core
> GNU gdb (GDB) 8.0.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64--netbsd".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./obj/cpuctl...done.
> [New process 1]
> Core was generated by `cpuctl'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x0000000114606d3b in rdmsr ()
> (gdb) disassemble 
> Dump of assembler code for function rdmsr:
>    0x0000000114606d30 <+0>:     mov    %rdi,%rcx
>    0x0000000114606d33 <+3>:     xor    %rax,%rax
>    0x0000000114606d36 <+6>:     mov    $0x9c5a203a,%edi
> => 0x0000000114606d3b <+11>:    rdmsr  
>    0x0000000114606d3d <+13>:    shl    $0x20,%rdx
>    0x0000000114606d41 <+17>:    or     %rdx,%rax
>    0x0000000114606d44 <+20>:    retq   
> End of assembler dump.
> (gdb) bt
> #0  0x0000000114606d3b in rdmsr ()
> #1  0x00000001146068a6 in identifycpu_cpuids_amd (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:1963
> #2  identifycpu_cpuids (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:2011
> #3  identifycpu (fd=3, cpuname=0x7f7fff607860 "cpu0") at /usr/src/usr.sbin/cpuctl/arch/i386.c:2247
> #4  0x0000000114603286 in cpu_identify (argv=0x7f7fff607928) at /usr/src/usr.sbin/cpuctl/cpuctl.c:288
> #5  0x0000000114606df4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/usr.sbin/cpuctl/cpuctl.c:117
> (gdb) info registers
> rax            0x0      0
> rbx            0x7f7fff607860   140187722086496
> rcx            0xc001001f       3221291039
> rdx            0x178bfbff       395049983
> rsi            0x7f7fff6074a0   140187722085536
> rdi            0x9c5a203a       2623152186
> rbp            0x7f7fff607860   0x7f7fff607860
> rsp            0x7f7fff607438   0x7f7fff607438
> r8             0x0      0
> r9             0x1      1
> r10            0x0      0
> r11            0x206    518
> r12            0x4      4
> r13            0x0      0
> r14            0x3      3
> r15            0x10     16
> rip            0x114606d3b      0x114606d3b <rdmsr+11>
> eflags         0x10246  [ PF ZF IF RF ]
> cs             0x47     71
> ss             0x3f     63
> ds             0x23     35
> es             0x23     35
> fs             0x0      0
> gs             0x0      0
> (gdb)
> 
> 
> Note that rdmsr() is only called for family 0x10 and older:
> http://anonhg.netbsd.org/src/file/tip/usr.sbin/cpuctl/arch/i386.c#l1962
> 
> AMD documentation is pretty clear this is a ring 0 instruction only,
> but maybe some registers are ok on some models? It fails on this CPU anyway.
>> How-To-Repeat:
> 
>> Fix:

Add X86_RDMSR into x86/x86/sys_machdep.c::sys_sysarch(), use rdmsr_safe(9)
and add x86_rdmsr (or other name) into lib{i386,x86_64} if it's acceptable?


-- 
-----------------------------------------------
                SAITOH Masanobu (msaitoh%execsw.org@localhost
                                 msaitoh%netbsd.org@localhost)
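
An added illustration, not code from cpuctl or from this thread: RDMSR executed in user mode faults, so a userland tool can at most catch the signal and skip the read; it cannot obtain the value that way. `rdmsr_probe()` is a hypothetical helper, and the MSR number is the one held in %rcx in the register dump above.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf probe_env;

/* RDMSR at CPL 3 raises #GP, which the kernel delivers as a signal. */
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Hypothetical helper (not a cpuctl or libc function). Returns 0 and
 * stores the MSR value on success, -1 if the read faulted or the build
 * target is not x86. */
int rdmsr_probe(uint32_t msr, uint64_t *val)
{
    struct sigaction sa, old_segv, old_ill;
    volatile int rc = -1;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);    /* some emulators report SIGILL */

    if (sigsetjmp(probe_env, 1) == 0) {  /* 1: restore signal mask on jump */
#if defined(__x86_64__) || defined(__i386__)
        uint32_t lo, hi;
        __asm__ volatile("rdmsr" : "=a"(lo), "=d"(hi) : "c"(msr));
        *val = ((uint64_t)hi << 32) | lo;
        rc = 0;
#else
        (void)msr; (void)val;
#endif
    }
    sigaction(SIGSEGV, &old_segv, NULL); /* put the old handlers back */
    sigaction(SIGILL, &old_ill, NULL);
    return rc;
}

int main(void)
{
    uint64_t v = 0;
    int rc = rdmsr_probe(0xc001001fu, &v);  /* MSR number from %rcx above */
    printf("rdmsr 0xc001001f: %s\n", rc == 0 ? "readable" : "faulted, skipped");
    return 0;
}
```

Reading the register for real needs a kernel-mediated path such as the sysarch(2) plus rdmsr_safe(9) route proposed in the reply.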

