NetBSD Problem Report #54815
From paul@whooppee.com Tue Dec 31 17:46:44 2019
Return-Path: <paul@whooppee.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id BD1237A1CC
for <gnats-bugs@gnats.NetBSD.org>; Tue, 31 Dec 2019 17:46:44 +0000 (UTC)
Message-Id: <20191231174542.D779030F2C3@speedy.whooppee.com>
Date: Tue, 31 Dec 2019 09:45:42 -0800 (PST)
From: paul@whooppee.com
Reply-To: paul@whooppee.com
To: gnats-bugs@NetBSD.org
Subject: x86 cpu_rescan() panic
X-Send-Pr-Version: 3.95
>Number: 54815
>Category: kern
>Synopsis: x86 cpu_rescan() panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pgoyette
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Dec 31 17:50:00 +0000 2019
>Closed-Date: Tue Jan 21 13:25:12 +0000 2020
>Last-Modified: Tue Jan 21 13:25:12 +0000 2020
>Originator: Paul Goyette
>Release: NetBSD 9.99.31
>Organization:
+--------------------+--------------------------+-----------------------+
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| (Retired) | FA29 0E3B 35AF E8AE 6651 | paul@whooppee.com |
| Software Developer | 0786 F758 55DE 53BA 7731 | pgoyette@netbsd.org |
+--------------------+--------------------------+-----------------------+
>Environment:
System: NetBSD speedy.whooppee.com 9.99.31 NetBSD 9.99.31 (SPEEDY 2019-12-29 15:58:23 UTC) #0: Sun Dec 29 23:24:13 UTC 2019 paul@speedy.whooppee.com:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/SPEEDY amd64
Architecture: x86_64
Machine: amd64
>Description:
cpu_rescan() gets called when a non-built-in version of the
acpicpu or coretemp modules is loaded. If the kernel has
multiprocessor support, and you disable multiprocessor at
boot time (via ``boot -1''), a subsequent attempt to load
either of those modules results in a panic. It appears that
the cpu device's softc member sc->sc_info is NULL, causing
a failure to dereference the pointer at src/sys/x86/x86/cpu.c
line 547 (cpu_rescan + 0x3b).
>How-To-Repeat:
1. Build a kernel that matches GENERIC but does not include
the coretemp or acpicpu devices
2. Boot that kernel using ``boot -1''
3. Use modload(8) to load either coretemp or acpicpu device
modules
4. boom
>Fix:
Perhaps a short-circuit to avoid dereferencing the NULL ptr?
Index: cpu.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/cpu.c,v
retrieving revision 1.179
diff -u -p -r1.179 cpu.c
--- cpu.c 20 Dec 2019 21:05:34 -0000 1.179
+++ cpu.c 31 Dec 2019 17:43:50 -0000
@@ -540,6 +540,9 @@ cpu_rescan(device_t self, const char *if
struct cpufeature_attach_args cfaa;
struct cpu_info *ci = sc->sc_info;
+ if (ci == NULL)
+ return 0;
+
memset(&cfaa, 0, sizeof(cfaa));
cfaa.ci = ci;
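Review bot: The new early return `if (ci == NULL) return 0;` reports success to the caller even though no cpufeature children get attached, and nothing in the hunk records when `sc->sc_info` can legitimately be NULL. Please add a comment above the check naming the case from the report (a multiprocessor kernel booted with `boot -1`, then a module load triggering cpu_rescan()), and confirm that 0 rather than an error is what the callers of cpu_rescan() expect here. Since the guard only covers this one function, it is also worth checking whether other code that reads `sc->sc_info` from the same softc can be reached in that configuration.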
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: kern-bug-people->pgoyette
Responsible-Changed-By: pgoyette@NetBSD.org
Responsible-Changed-When: Tue, 14 Jan 2020 02:09:56 +0000
Responsible-Changed-Why:
I'll deal with it
State-Changed-From-To: open->pending-pullups
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Tue, 14 Jan 2020 02:09:56 +0000
State-Changed-Why:
Fix committed, waiting for pull-up #9-623
State-Changed-From-To: pending-pullups->closed
State-Changed-By: pgoyette@NetBSD.org
State-Changed-When: Tue, 21 Jan 2020 13:25:12 +0000
State-Changed-Why:
Pullup-9 #623 completed
>Unformatted: