NetBSD Problem Report #54220
From www@netbsd.org Sun May 19 20:48:50 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 307F17A3AD
for <gnats-bugs@gnats.NetBSD.org>; Sun, 19 May 2019 20:48:50 +0000 (UTC)
Message-Id: <20190519204848.E9C9B7A76F@mollari.NetBSD.org>
Date: Sun, 19 May 2019 20:48:48 +0000 (UTC)
From: tobiasu@tmux.org
Reply-To: tobiasu@tmux.org
To: gnats-bugs@NetBSD.org
Subject: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
X-Send-Pr-Version: www-1.0
>Number: 54220
>Category: bin
>Synopsis: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: mlelstv
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun May 19 20:50:00 +0000 2019
>Last-Modified: Wed Jun 24 09:35:02 +0000 2020
>Originator: Tobias Ulmer
>Release: NetBSD 8.99.40
>Organization:
>Environment:
NetBSD phenom.tmux.org 8.99.40 NetBSD 8.99.40 (GENERIC) #0: Wed May 15 04:39:52 UTC 2019 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
root@phenom:cpuctl$ obj/cpuctl identify 0
cpu0: highest basic info 00000006
cpu0: highest extended info 8000001b
cpu0: "AMD Phenom(tm) II X6 1100T Processor"
cpu0: AMD Family 10h (686-class), 3498.22 MHz
cpu0: family 0x10 model 0xa stepping 0 (id 0x100fa0)
cpu0: features 0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
cpu0: features 0x178bfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
cpu0: features1 0x802009<SSE3,MONITOR,CX16,POPCNT>
cpu0: features2 0xefd3fbff<SYSCALL/SYSRET,NOX,MMXX,MMX,FXSR,FFXSR,P1GB,RDTSCP>
cpu0: features2 0xefd3fbff<LONG,3DNOW2,3DNOW>
cpu0: features3 0x37ff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
cpu0: features3 0x37ff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,SKINIT,WDT>
cpu0: I-cache 64KB 64B/line 2-way, D-cache 64KB 64B/line 2-way
cpu0: L2 cache 512KB 64B/line 16-way
cpu0: L3 cache 6MB 64B/line 48-way
cpu0: ITLB 32 4KB entries fully associative, 16 2MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 2MB entries fully associative
cpu0: L2 ITLB 512 4KB entries 4-way
cpu0: L2 DTLB 512 4KB entries 4-way, 128 2MB entries 2-way
cpu0: L1 1GB page DTLB 48 1GB entries fully associative
cpu0: L2 1GB page DTLB 16 1GB entries 8-way
cpu0: Initial APIC ID 0
Memory fault (core dumped)
root@phenom:cpuctl$ gdb ./obj/cpuctl ./cpuctl.core
GNU gdb (GDB) 8.0.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64--netbsd".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./obj/cpuctl...done.
[New process 1]
Core was generated by `cpuctl'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000114606d3b in rdmsr ()
(gdb) disassemble
Dump of assembler code for function rdmsr:
0x0000000114606d30 <+0>: mov %rdi,%rcx
0x0000000114606d33 <+3>: xor %rax,%rax
0x0000000114606d36 <+6>: mov $0x9c5a203a,%edi
=> 0x0000000114606d3b <+11>: rdmsr
0x0000000114606d3d <+13>: shl $0x20,%rdx
0x0000000114606d41 <+17>: or %rdx,%rax
0x0000000114606d44 <+20>: retq
End of assembler dump.
(gdb) bt
#0 0x0000000114606d3b in rdmsr ()
#1 0x00000001146068a6 in identifycpu_cpuids_amd (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:1963
#2 identifycpu_cpuids (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:2011
#3 identifycpu (fd=3, cpuname=0x7f7fff607860 "cpu0") at /usr/src/usr.sbin/cpuctl/arch/i386.c:2247
#4 0x0000000114603286 in cpu_identify (argv=0x7f7fff607928) at /usr/src/usr.sbin/cpuctl/cpuctl.c:288
#5 0x0000000114606df4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/usr.sbin/cpuctl/cpuctl.c:117
(gdb) info registers
rax 0x0 0
rbx 0x7f7fff607860 140187722086496
rcx 0xc001001f 3221291039
rdx 0x178bfbff 395049983
rsi 0x7f7fff6074a0 140187722085536
rdi 0x9c5a203a 2623152186
rbp 0x7f7fff607860 0x7f7fff607860
rsp 0x7f7fff607438 0x7f7fff607438
r8 0x0 0
r9 0x1 1
r10 0x0 0
r11 0x206 518
r12 0x4 4
r13 0x0 0
r14 0x3 3
r15 0x10 16
rip 0x114606d3b 0x114606d3b <rdmsr+11>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x47 71
ss 0x3f 63
ds 0x23 35
es 0x23 35
fs 0x0 0
gs 0x0 0
(gdb)
Note that rdmsr() is only called for family 0x10 and older:
http://anonhg.netbsd.org/src/file/tip/usr.sbin/cpuctl/arch/i386.c#l1962
AMD documentation is pretty clear this is a ring 0 instruction only,
but maybe some registers are ok on some models? It fails on this CPU anyway.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->mlelstv
Responsible-Changed-By: kre@NetBSD.org
Responsible-Changed-When: Mon, 20 May 2019 04:32:20 +0000
Responsible-Changed-Why:
I believe this is caused by the change that you made.
Please investigate.
From: Masanobu SAITOH <msaitoh@execsw.org>
To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: msaitoh@execsw.org
Subject: Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T
Processor
Date: Mon, 20 May 2019 15:18:39 +0900
On 2019/05/20 5:50, tobiasu@tmux.org wrote:
>> Number: 54220
>> Category: bin
>> Synopsis: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T Processor
>> Confidential: no
>> Severity: serious
>> Priority: medium
>> Responsible: bin-bug-people
>> State: open
>> Class: sw-bug
>> Submitter-Id: net
>> Arrival-Date: Sun May 19 20:50:00 +0000 2019
>> Originator: Tobias Ulmer
>> Release: NetBSD 8.99.40
>> Organization:
>> Environment:
> NetBSD phenom.tmux.org 8.99.40 NetBSD 8.99.40 (GENERIC) #0: Wed May 15 04:39:52 UTC 2019 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>> Description:
> root@phenom:cpuctl$ obj/cpuctl identify 0
> cpu0: highest basic info 00000006
> cpu0: highest extended info 8000001b
> cpu0: "AMD Phenom(tm) II X6 1100T Processor"
> cpu0: AMD Family 10h (686-class), 3498.22 MHz
> cpu0: family 0x10 model 0xa stepping 0 (id 0x100fa0)
> cpu0: features 0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
> cpu0: features 0x178bfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
> cpu0: features1 0x802009<SSE3,MONITOR,CX16,POPCNT>
> cpu0: features2 0xefd3fbff<SYSCALL/SYSRET,NOX,MMXX,MMX,FXSR,FFXSR,P1GB,RDTSCP>
> cpu0: features2 0xefd3fbff<LONG,3DNOW2,3DNOW>
> cpu0: features3 0x37ff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
> cpu0: features3 0x37ff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,SKINIT,WDT>
> cpu0: I-cache 64KB 64B/line 2-way, D-cache 64KB 64B/line 2-way
> cpu0: L2 cache 512KB 64B/line 16-way
> cpu0: L3 cache 6MB 64B/line 48-way
> cpu0: ITLB 32 4KB entries fully associative, 16 2MB entries fully associative
> cpu0: DTLB 48 4KB entries fully associative, 48 2MB entries fully associative
> cpu0: L2 ITLB 512 4KB entries 4-way
> cpu0: L2 DTLB 512 4KB entries 4-way, 128 2MB entries 2-way
> cpu0: L1 1GB page DTLB 48 1GB entries fully associative
> cpu0: L2 1GB page DTLB 16 1GB entries 8-way
> cpu0: Initial APIC ID 0
> Memory fault (core dumped)
> root@phenom:cpuctl$ gdb ./obj/cpuctl ./cpuctl.core
> GNU gdb (GDB) 8.0.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64--netbsd".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from ./obj/cpuctl...done.
> [New process 1]
> Core was generated by `cpuctl'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x0000000114606d3b in rdmsr ()
> (gdb) disassemble
> Dump of assembler code for function rdmsr:
> 0x0000000114606d30 <+0>: mov %rdi,%rcx
> 0x0000000114606d33 <+3>: xor %rax,%rax
> 0x0000000114606d36 <+6>: mov $0x9c5a203a,%edi
> => 0x0000000114606d3b <+11>: rdmsr
> 0x0000000114606d3d <+13>: shl $0x20,%rdx
> 0x0000000114606d41 <+17>: or %rdx,%rax
> 0x0000000114606d44 <+20>: retq
> End of assembler dump.
> (gdb) bt
> #0 0x0000000114606d3b in rdmsr ()
> #1 0x00000001146068a6 in identifycpu_cpuids_amd (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:1963
> #2 identifycpu_cpuids (ci=0x7f7fff6075a0) at /usr/src/usr.sbin/cpuctl/arch/i386.c:2011
> #3 identifycpu (fd=3, cpuname=0x7f7fff607860 "cpu0") at /usr/src/usr.sbin/cpuctl/arch/i386.c:2247
> #4 0x0000000114603286 in cpu_identify (argv=0x7f7fff607928) at /usr/src/usr.sbin/cpuctl/cpuctl.c:288
> #5 0x0000000114606df4 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/usr.sbin/cpuctl/cpuctl.c:117
> (gdb) info registers
> rax 0x0 0
> rbx 0x7f7fff607860 140187722086496
> rcx 0xc001001f 3221291039
> rdx 0x178bfbff 395049983
> rsi 0x7f7fff6074a0 140187722085536
> rdi 0x9c5a203a 2623152186
> rbp 0x7f7fff607860 0x7f7fff607860
> rsp 0x7f7fff607438 0x7f7fff607438
> r8 0x0 0
> r9 0x1 1
> r10 0x0 0
> r11 0x206 518
> r12 0x4 4
> r13 0x0 0
> r14 0x3 3
> r15 0x10 16
> rip 0x114606d3b 0x114606d3b <rdmsr+11>
> eflags 0x10246 [ PF ZF IF RF ]
> cs 0x47 71
> ss 0x3f 63
> ds 0x23 35
> es 0x23 35
> fs 0x0 0
> gs 0x0 0
> (gdb)
>
>
> Note that rdmsr() is only called for family 0x10 and older:
> http://anonhg.netbsd.org/src/file/tip/usr.sbin/cpuctl/arch/i386.c#l1962
>
> AMD documentation is pretty clear this is a ring 0 instruction only,
> but maybe some registers are ok on some models? It fails on this CPU anyway.
>> How-To-Repeat:
>
>> Fix:
Add X86_RDMSR into x86/x86/sys_machdep.c::sys_sysarch(), use rdmsr_safe(9)
and add x86_rdmsr(or other name) into lib{i386,x86_64} if it's acceptable?
--
-----------------------------------------------
SAITOH Masanobu (msaitoh@execsw.org
msaitoh@netbsd.org)
From: Tobias Ulmer <tobiasu@tmux.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6
1100T Processor
Date: Mon, 20 May 2019 13:36:21 +0200
On Mon, May 20, 2019 at 06:20:01AM +0000, Masanobu SAITOH wrote:
> The following reply was made to PR bin/54220; it has been noted by GNATS.
>
> From: Masanobu SAITOH <msaitoh@execsw.org>
> To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
> Cc: msaitoh@execsw.org
> Subject: Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6 1100T
> Processor
> Date: Mon, 20 May 2019 15:18:39 +0900
> ...
> Add X86_RDMSR into x86/x86/sys_machdep.c::sys_sysarch(), use rdmsr_safe(9)
> and add x86_rdmsr(or other name) into lib{i386,x86_64} if it's acceptable?
If I may, I would suggest /dev/cpuctl:
https://nxr.netbsd.org/xref/src/sys/kern/kern_cpu.c#214
It's already used by cpuctl "the tool".
This sort of syncs with FreeBSDs similar driver, which could make
porting performance monitoring tools easier.
http://fxr.watson.org/fxr/source/dev/cpuctl/cpuctl.c#L169
>
>
> --
> -----------------------------------------------
> SAITOH Masanobu (msaitoh@execsw.org
> msaitoh@netbsd.org)
>
From: Michael van Elst <mlelstv@serpens.de>
To: gnats-bugs@netbsd.org
Cc: mlelstv@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
tobiasu@tmux.org
Subject: Re: bin/54220: cpuctl identify segfault on AMD Phenom(tm) II X6
1100T Processor
Date: Mon, 20 May 2019 13:53:02 +0200
On Mon, May 20, 2019 at 11:40:02AM +0000, Tobias Ulmer wrote:
> If I may, I would suggest /dev/cpuctl:
> https://nxr.netbsd.org/xref/src/sys/kern/kern_cpu.c#214
> It's already used by cpuctl "the tool".
The tool already uses sysctl() to query hardware and platform
("machdep") information on anything but Intel CPUs.
Greetings,
--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."
From: "Jukka Ruohonen" <jruoho@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/54220 CVS commit: src
Date: Wed, 24 Jun 2020 09:32:41 +0000
Module Name: src
Committed By: jruoho
Date: Wed Jun 24 09:32:41 UTC 2020
Modified Files:
src/distrib/sets/lists/tests: mi
src/etc/mtree: NetBSD.dist.tests
Added Files:
src/tests/usr.sbin/cpuctl: Makefile t_cpuctl.sh
Log Message:
Add few basic tests for cpuctl(8). These cover PR kern/45117 and PR bin/54220.
Though, the former is not explicitly tested as it hangs the system.
To generate a diff of this commit:
cvs rdiff -u -r1.845 -r1.846 src/distrib/sets/lists/tests/mi
cvs rdiff -u -r1.163 -r1.164 src/etc/mtree/NetBSD.dist.tests
cvs rdiff -u -r0 -r1.1 src/tests/usr.sbin/cpuctl/Makefile \
src/tests/usr.sbin/cpuctl/t_cpuctl.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.