Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 10 Jan 2023 14:59:49 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 268857] pmcstat crashes on particular event/CPU combination
Message-ID:  <bug-268857-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268857

            Bug ID: 268857
           Summary: pmcstat crashes on particular event/CPU combination
           Product: Base System
           Version: 13.1-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: jfc@mit.edu

The following command crashes on Zen CPUs but not older AMD CPUs:

$ pmcstat -P k8-ic-refill-from-l2 echo -n
initlog   0x9030000 "AMD_K8"
Segmentation fault (core dumped)

Perhaps "k8-ic-refill-from-l2" is not a valid event for Zen.  That is not
easily discoverable and should not crash the program.

lldb says

* thread #1, name =3D 'pmcstat', stop reason =3D breakpoint 1.1
    frame #0: 0x000000720ad83c02
libpmc.so.5`pmc_pmu_event_get_by_idx(cpuid=3D<unavailable>, idx=3D8350) at
libpmc_pmu_util.c:293:2
   290=20=20
   291          if ((pme =3D pmu_events_map_get(cpuid)) =3D=3D NULL)
   292                  return (NULL);
-> 293          assert(pme->table[idx].name);
   294          return (pme->table[idx].name);
   295  }
   296=20=20
(lldb) p pme
(const pmu_events_map *) $2 =3D 0x000000720af7f9f0
(lldb) p *pme
(const pmu_events_map) $3 =3D {
  cpuid =3D 0x000000720abe6054 "AuthenticAMD-23-[[:xdigit:]]+"
  version =3D 0x000000720ad0c2ad "v1"
  type =3D 0x000000720ad18386 "core"
  table =3D 0x000000720af70890
}

Array index idx=3D8350 is out of bounds and looking up pme->table[idx].name
causes a segfault.  I would suggest a bounds check, but I don't see any arr=
ay
size field to compare against.

More specifically, pmcstat crashes on

CPU: AMD EPYC 7402P 24-Core Processor                (2794.84-MHz K8-class =
CPU)
  Origin=3D"AuthenticAMD"  Id=3D0x830f10  Family=3D0x17  Model=3D0x31  Step=
ping=3D0
CPU: AMD Ryzen 5 PRO 2400GE w/ Radeon Vega Graphics  (3194.22-MHz K8-class =
CPU)
  Origin=3D"AuthenticAMD"  Id=3D0x810f10  Family=3D0x17  Model=3D0x11  Step=
ping=3D0

but pmcstat does not crash on

CPU: AMD Opteron(tm) X3421 APU                       (2096.10-MHz K8-class =
CPU)
  Origin=3D"AuthenticAMD"  Id=3D0x660f01  Family=3D0x15  Model=3D0x60  Step=
ping=3D1

I am reporting against 13.1-STABLE.  The bug is also present in CURRENT as =
of
last summer.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268857-227>