Date: Mon, 9 Jan 2012 23:16:36 GMT From: Alan Somers <alans@spectralogic.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/163978: Loading hwpmc with an unknown cpuid causes a page fault in kernel mode. Message-ID: <201201092316.q09NGaiu090182@red.freebsd.org> Resent-Message-ID: <201201092320.q09NKDVn021024@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163978
>Category: kern
>Synopsis: Loading hwpmc with an unknown cpuid causes a page fault in kernel mode.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 09 23:20:12 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Alan Somers
>Release: 10.0-CURRENT
>Organization:
SpectraLogic
>Environment:
FreeBSD fbtst.eng 10.0-CURRENT FreeBSD 10.0-CURRENT #11: Mon Jan 9 22:51:28 MST 2012 alans@fbdev.eng:/usr/home/alans/obj/usr/home/alans/spectra/branches/redline/projects/netback/SpectraBSD_head/sys/XENHVM.pmc amd64
>Description:
Attemping to use hwpmc from a Xen guest on a Core i7 running in 64 bit mode, I got the following crash on bootup:
xbd0: 20480MB <Virtual Block Device> at device/vbd/768 on xenbusb_front0
xbd0: attaching as ad0
Timecounter "TSC" frequency 2000036316 Hz quality 800
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x0
fault code = supervisor read instruction, page not present
instruction pointer = 0x20:0x0
stack pointer = 0x28:0xffffffff81985b90
frame pointer = 0x28:0xffffffff81985c10
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (swapper)
[ thread pid 0 tid 100000 ]
Stopped at 0: *** error reading from address 0 ***
db> where
Tracing pid 0 tid 100000 td 0xffffffff8154f8b0
uart_sab82532_class() at 0
load() at load+0x39
syscall_module_handler() at syscall_module_handler+0xe6
module_register_init() at module_register_init+0xb0
mi_startup() at mi_startup+0x139
btext() at btext+0x2c
The problem was that Xen changes the cpuid that guests see. Specifically, the result of do_cpuid(CORE_CPUID_REQUEST, cpuid) is changed to indicate that performance counters are not supported. Hence, pmc_core_initialize() returns EPROGMISMATCH. Eventually, that causes pmc_initialize() to execute a null function pointer at line 4692. Really, the root cause of the problem is that hwpmc isn't written very defensively. I've attached a patch that makes the panic go away, but doesn't make PMC work for my processor.
>How-To-Repeat:
Compile an amd64 Xen domU kernel with the below lines in your configuration file and boot it:
options HWPMC_HOOKS
device hwpmc
>Fix:
==== sys/dev/hwpmc/hwpmc_mod.c#2 (text) ====
@@ -4689,7 +4689,15 @@
if (md->pmd_pcpu_init)
error = md->pmd_pcpu_init(md, cpu);
for (n = 0; error == 0 && n < md->pmd_nclass; n++)
- error = md->pmd_classdep[n].pcd_pcpu_init(md, cpu);
+ if (md->pmd_classdep[n].pcd_pcpu_init != NULL)
+ error = md->pmd_classdep[n].pcd_pcpu_init(md,
+ cpu);
+ else
+ printf("hwpmc: md->pmd_classdep[%d]."
+ "pcd_pcpu_init was not initialized. "
+ "This is a bug.\n"
+ "\tMost likely your CPUID is not "
+ "recognized by hwpmc.\n", n);
}
pmc_restore_cpu_binding(&pb);
@@ -4882,7 +4890,15 @@
continue;
pmc_select_cpu(cpu);
for (c = 0; c < md->pmd_nclass; c++)
- md->pmd_classdep[c].pcd_pcpu_fini(md, cpu);
+ if (md->pmd_classdep[c].pcd_pcpu_fini != NULL)
+ md->pmd_classdep[c].pcd_pcpu_fini(md,
+ cpu);
+ else
+ printf("hwpmc: md->pmd_classdep[%d]."
+ "pcd_pcpu_fini was not initialized."
+ " This is a bug.\n"
+ "\tMost likely your CPUID is not "
+ "recognized by hwpmc.\n", c);
if (md->pmd_pcpu_fini)
md->pmd_pcpu_fini(md, cpu);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201092316.q09NGaiu090182>