https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276426
--- Comment #6 from John F. Carr <j...@mit.edu> ---

The first crash is from AMD Excavator (Family 0x15) running 12.4. That processor is from 2015 and may not have SMAP. The second crash is from AMD Zen 2 (Family 0x17) running 13.2. That processor is from 2020 and has SMAP before microcode is loaded. Features do not change when microcode is loaded.

In the code below the marked mov %rdx,(%rdi) at 0xffffffff81088c43 is the faulting instruction. The fault address is at the start of a page in the user address space and is the same as uio->uio_iov[0].iov_base, i.e. the first word to be written.

The value of td->td_md.md_pcb.pcb_onfault is 0 in the dump image. I can't tell what it was while copyout was running. A comment says it should be non-null.

   0xffffffff81088c1c <copyout_smap_std+60>:  mov    %rsi,%rdi
   0xffffffff81088c1f <copyout_smap_std+63>:  mov    %r8,%rsi
   0xffffffff81088c22 <copyout_smap_std+66>:  mov    %rdx,%rcx
   0xffffffff81088c25 <copyout_smap_std+69>:  stac
   0xffffffff81088c28 <copyout_smap_std+72>:  cmp    $0x20,%rcx
   0xffffffff81088c2c <copyout_smap_std+76>:  jbe    0xffffffff81088c90 <copyout_smap_std+176>
   0xffffffff81088c2e <copyout_smap_std+78>:  cmp    $0x100,%rcx
   0xffffffff81088c35 <copyout_smap_std+85>:  ja     0xffffffff81088d70 <copyout_smap_std+400>
   0xffffffff81088c3b <copyout_smap_std+91>:  nopl   0x0(%rax,%rax,1)
   0xffffffff81088c40 <copyout_smap_std+96>:  mov    (%rsi),%rdx
 * 0xffffffff81088c43 <copyout_smap_std+99>:  mov    %rdx,(%rdi)
   0xffffffff81088c46 <copyout_smap_std+102>: mov    0x8(%rsi),%rdx
   0xffffffff81088c4a <copyout_smap_std+106>: mov    %rdx,0x8(%rdi)
   0xffffffff81088c4e <copyout_smap_std+110>: mov    0x10(%rsi),%rdx
   0xffffffff81088c52 <copyout_smap_std+114>: mov    %rdx,0x10(%rdi)
   0xffffffff81088c56 <copyout_smap_std+118>: mov    0x18(%rsi),%rdx
   0xffffffff81088c5a <copyout_smap_std+122>: mov    %rdx,0x18(%rdi)
   0xffffffff81088c5e <copyout_smap_std+126>: lea    0x20(%rsi),%rsi
   0xffffffff81088c62 <copyout_smap_std+130>: lea    0x20(%rdi),%rdi
   0xffffffff81088c66 <copyout_smap_std+134>: sub    $0x20,%rcx