kern/54815: x86 cpu_rescan() panic

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54815: x86 cpu_rescan() panic
From: paul%whooppee.com@localhost
Date: Tue, 31 Dec 2019 17:50:00 +0000 (UTC)

>Number:         54815
>Category:       kern
>Synopsis:       x86 cpu_rescan() panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec 31 17:50:00 +0000 2019
>Originator:     Paul Goyette
>Release:        NetBSD 9.99.31
>Organization:
+--------------------+--------------------------+-----------------------+
| Paul Goyette       | PGP Key fingerprint:     | E-mail addresses:     |
| (Retired)          | FA29 0E3B 35AF E8AE 6651 | paul%whooppee.com@localhost     |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette%netbsd.org@localhost   |
+--------------------+--------------------------+-----------------------+
>Environment:
	
	
System: NetBSD speedy.whooppee.com 9.99.31 NetBSD 9.99.31 (SPEEDY 2019-12-29 15:58:23 UTC) #0: Sun Dec 29 23:24:13 UTC 2019 paul%speedy.whooppee.com@localhost:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/SPEEDY amd64
Architecture: x86_64
Machine: amd64
>Description:
	cpu_rescan() gets called when a non-built-in version of the
	acpicpu or coretemp modules is loaded.  If the kernel has
	multiprocessor support, and you disable multiprocessor at
	boot time (via ``boot -1''), a subsequent attempt to load
	either of those modules results in a panic.  It appears that
	the cpu device's softc member sc->sc_info is NULL, causing
	a failure to dereference the pointer at src/sys/x86/x86/cpu.c
	line 547 (cpu_rescaqn + 0x3b).
	
>How-To-Repeat:
	1. Build a kernel that matches GENERIC but does not include
	   the coretemp or acpicpu devices
	2. Boot that kernel using ``boot -1''
	3. Use modload(8) to load either coretemp or acpicpu device
	   modules
	4. boom
	
>Fix:
	Perhaps a short-circuit to avoid dereferencing the NULL ptr?

Index: cpu.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/cpu.c,v
retrieving revision 1.179
diff -u -p -r1.179 cpu.c
--- cpu.c       20 Dec 2019 21:05:34 -0000      1.179
+++ cpu.c       31 Dec 2019 17:43:50 -0000
@@ -540,6 +540,9 @@ cpu_rescan(device_t self, const char *if
 	struct cpufeature_attach_args cfaa;
 	struct cpu_info *ci = sc->sc_info;
 
+	if (ci == NULL)
+		return 0;
+
 	memset(&cfaa, 0, sizeof(cfaa));
 	cfaa.ci = ci;

	

>Unformatted:

Prev by Date: Re: kern/54806: Many ptrace tests fail on evbarm-aarch64
Next by Date: Re: kern/54806: Many ptrace tests fail on evbarm-aarch64
Previous by Thread: PR/54813 CVS commit: src/sys/dev/i2c
Next by Thread: PR/54729 CVS commit: src/sbin/dmesg
Indexes:

Home | Main Index | Thread Index | Old Index