Date: Wed, 20 Oct 2021 00:24:20 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 259218] Fatal trap 12: page fault while in kernel mode Message-ID: <bug-259218-227-Rh7vtLVDJr@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-259218-227@https.bugs.freebsd.org/bugzilla/> References: <bug-259218-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259218 --- Comment #13 from Dennis Clarke <dclarke@blastwave.org> --- Here is the disassembly : dclarke@esther:~ $ uname -apKU FreeBSD esther 14.0-CURRENT FreeBSD 14.0-CURRENT #0 main-n250102-d95c0a12a2d: Mon Oct 18 05:58:15 GMT 2021 root@esther:/usr/obj/usr/src/i386.i386/sys/GENERIC i386 i386 1400038 1400038 dclarke@esther:~ $ dclarke@esther:~ $ dclarke@esther:~ $ ls -lap /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full -rwxr-xr-x 1 root wheel 86441196 Oct 18 05:58 /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full dclarke@esther:~ $ dclarke@esther:~ $ TERM=dumb gdb -q /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full Reading symbols from /usr/obj/usr/src/i386.i386/sys/GENERIC/kernel.full... (gdb) disassemble random_nehemiah_read Dump of assembler code for function random_nehemiah_read: 0x014041e0 <+0>: push %ebp 0x014041e1 <+1>: mov %esp,%ebp 0x014041e3 <+3>: push %ebx 0x014041e4 <+4>: push %edi 0x014041e5 <+5>: push %esi 0x014041e6 <+6>: and $0xfffffff8,%esp 0x014041e9 <+9>: sub $0x18,%esp 0x014041ec <+12>: mov %fs:0x0,%eax 0x014041f2 <+18>: push $0x0 0x014041f4 <+20>: push 0x1e5bb30 0x014041fa <+26>: mov %eax,0xc(%esp) 0x014041fe <+30>: push %eax 0x014041ff <+31>: call 0x1416e90 <fpu_kern_enter> 0x01404204 <+36>: add $0xc,%esp 0x01404207 <+39>: cmpl $0x0,0xc(%ebp) 0x0140420b <+43>: je 0x1404277 <random_nehemiah_read+151> 0x0140420d <+45>: mov 0x8(%ebp),%esi 0x01404210 <+48>: mov 0xc(%ebp),%ebx 0x01404213 <+51>: jmp 0x1404235 <random_nehemiah_read+85> 0x01404215 <+53>: nop 0x01404216 <+54>: nop 0x01404217 <+55>: nop 0x01404218 <+56>: nop 0x01404219 <+57>: nop 0x0140421a <+58>: nop 0x0140421b <+59>: nop 0x0140421c <+60>: nop 0x0140421d <+61>: nop 0x0140421e <+62>: nop 0x0140421f <+63>: nop 0x01404220 <+64>: push %edi 0x01404221 <+65>: lea 0xc(%esp),%eax 0x01404225 <+69>: push %eax 0x01404226 <+70>: push %esi 0x01404227 <+71>: call 0x142caf8 <memcpy> 0x0140422c <+76>: add $0xc,%esp
0x0140422f <+79>: add %edi,%esi 0x01404231 <+81>: sub %edi,%ebx 0x01404233 <+83>: je 0x1404277 <random_nehemiah_read+151> 0x01404235 <+85>: xor %edx,%edx 0x01404237 <+87>: lea 0x8(%esp),%edi --Type <RET> for more, q to quit, c to continue without paging-- 0x0140423b <+91>: mov $0x0,%edx 0x01404240 <+96>: repz xstore-rng 0x01404244 <+100>: and $0x1f,%eax 0x01404247 <+103>: test %edx,%edx 0x01404249 <+105>: mov $0x0,%ecx 0x0140424e <+110>: cmovne %ecx,%eax 0x01404251 <+113>: mov %ebx,%edi 0x01404253 <+115>: cmp %ebx,%eax 0x01404255 <+117>: jae 0x1404220 <random_nehemiah_read+64> 0x01404257 <+119>: xor %edx,%edx 0x01404259 <+121>: lea 0x8(%esp),%edi 0x0140425d <+125>: mov $0x0,%edx 0x01404262 <+130>: repz xstore-rng 0x01404266 <+134>: mov %eax,%edi 0x01404268 <+136>: and $0x1f,%edi 0x0140426b <+139>: test %edx,%edx 0x0140426d <+141>: mov $0x0,%eax 0x01404272 <+146>: cmovne %eax,%edi 0x01404275 <+149>: jmp 0x1404220 <random_nehemiah_read+64> 0x01404277 <+151>: push 0x1e5bb30 0x0140427d <+157>: push 0x8(%esp) 0x01404281 <+161>: call 0x1417100 <fpu_kern_leave> 0x01404286 <+166>: add $0x8,%esp 0x01404289 <+169>: mov 0xc(%ebp),%eax 0x0140428c <+172>: lea -0xc(%ebp),%esp 0x0140428f <+175>: pop %esi 0x01404290 <+176>: pop %edi 0x01404291 <+177>: pop %ebx 0x01404292 <+178>: pop %ebp 0x01404293 <+179>: ret End of assembler dump. (gdb) list *random_nehemiah_read 0x14041e0 is in random_nehemiah_read (/usr/src/sys/dev/random/nehemiah.c:99).
94 } 95 96 /* It is specifically allowed that buf is a multiple of sizeof(long) */ 97 static u_int 98 random_nehemiah_read(void *buf, u_int c) 99 { 100 uint8_t *b; 101 size_t count, ret; 102 uint64_t tmp; 103 (gdb) 104 fpu_kern_enter(curthread, fpu_ctx_save, FPU_KERN_NORMAL); 105 b = buf; 106 for (count = c; count > 0; count -= ret) { 107 ret = MIN(VIA_RNG_store(&tmp), count); 108 memcpy(b, &tmp, ret); 109 b += ret; 110 } 111 fpu_kern_leave(curthread, fpu_ctx_save); 112 113 return (c); (gdb) 114 } 115 116 static int 117 nehemiah_modevent(module_t mod, int type, void *unused) 118 { 119 int error = 0; 120 121 switch (type) { 122 case MOD_LOAD: 123 if (via_feature_rng & VIA_HAS_RNG) { (gdb) quit dclarke@esther:~ $ -- You are receiving this mail because: You are the assignee for the bug.