From nobody@FreeBSD.org  Mon Jan  9 23:16:37 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 13C271065670
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Jan 2012 23:16:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id EE04D8FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  9 Jan 2012 23:16:36 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q09NGahp090183
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 9 Jan 2012 23:16:36 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q09NGaiu090182;
	Mon, 9 Jan 2012 23:16:36 GMT
	(envelope-from nobody)
Message-Id: <201201092316.q09NGaiu090182@red.freebsd.org>
Date: Mon, 9 Jan 2012 23:16:36 GMT
From: Alan Somers <alans@spectralogic.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Loading hwpmc with an unknown cpuid causes a page fault in kernel mode.
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         163978
>Category:       kern
>Synopsis:       [hwpmc] [patch] Loading hwpmc with an unknown cpuid causes a page fault in kernel mode.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          feedback
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 09 23:20:12 UTC 2012
>Closed-Date:    
>Last-Modified:  Fri May  3 21:00:02 UTC 2013
>Originator:     Alan Somers
>Release:        10.0-CURRENT
>Organization:
SpectraLogic
>Environment:
FreeBSD fbtst.eng 10.0-CURRENT FreeBSD 10.0-CURRENT #11: Mon Jan  9 22:51:28 MST 2012     alans@fbdev.eng:/usr/home/alans/obj/usr/home/alans/spectra/branches/redline/projects/netback/SpectraBSD_head/sys/XENHVM.pmc  amd64

>Description:
Attempting to use hwpmc from a Xen guest on a Core i7 running in 64 bit mode, I got the following crash on bootup:

xbd0: 20480MB <Virtual Block Device> at device/vbd/768 on xenbusb_front0
xbd0: attaching as ad0
Timecounter "TSC" frequency 2000036316 Hz quality 800


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address	= 0x0
fault code		= supervisor read instruction, page not present
instruction pointer	= 0x20:0x0
stack pointer	        = 0x28:0xffffffff81985b90
frame pointer	        = 0x28:0xffffffff81985c10
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 0 (swapper)
[ thread pid 0 tid 100000 ]
Stopped at      0:      *** error reading from address 0 ***
db> where
Tracing pid 0 tid 100000 td 0xffffffff8154f8b0
uart_sab82532_class() at 0
load() at load+0x39
syscall_module_handler() at syscall_module_handler+0xe6
module_register_init() at module_register_init+0xb0
mi_startup() at mi_startup+0x139
btext() at btext+0x2c

The problem was that Xen changes the cpuid that guests see.  Specifically, the result of do_cpuid(CORE_CPUID_REQUEST, cpuid) is changed to indicate that performance counters are not supported.  Hence, pmc_core_initialize() returns EPROGMISMATCH.  Eventually, that causes pmc_initialize() to execute a null function pointer at line 4692.  Really, the root cause of the problem is that hwpmc isn't written very defensively.  I've attached a patch that makes the panic go away, but doesn't make PMC work for my processor.
>How-To-Repeat:
Compile an amd64 Xen domU kernel with the below lines in your configuration file and boot it:
options    HWPMC_HOOKS
device     hwpmc

>Fix:
==== sys/dev/hwpmc/hwpmc_mod.c#2 (text) ====

@@ -4689,7 +4689,15 @@
                if (md->pmd_pcpu_init)
                        error = md->pmd_pcpu_init(md, cpu);
                for (n = 0; error == 0 && n < md->pmd_nclass; n++)
-                       error = md->pmd_classdep[n].pcd_pcpu_init(md, cpu);
+                       if (md->pmd_classdep[n].pcd_pcpu_init != NULL)
+                               error = md->pmd_classdep[n].pcd_pcpu_init(md,
+                                   cpu);
+                       else
+                               printf("hwpmc: md->pmd_classdep[%d]."
+                                   "pcd_pcpu_init was not initialized.  "
+                                   "This is a bug.\n"
+                                   "\tMost likely your CPUID is not "
+                                   "recognized by hwpmc.\n", n);
        }
        pmc_restore_cpu_binding(&pb);
 
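Review bot: In the else branch of this hunk, error is left at 0, so the loop moves on to the next class and initialization continues as if this class had been set up, even though the message itself calls the condition a bug. Set an error there (for example error = ENXIO;) so that the existing "error == 0" loop condition stops the walk and the module load fails cleanly. The for body is now a multi-line if/else without braces and should be braced. Going by the description, the table is only incomplete because pmc_core_initialize() returned EPROGMISMATCH and was still used, so a single check at that point would be preferable to a NULL test on every dispatch.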
@@ -4882,7 +4890,15 @@
                                continue;
                        pmc_select_cpu(cpu);
                        for (c = 0; c < md->pmd_nclass; c++)
-                               md->pmd_classdep[c].pcd_pcpu_fini(md, cpu);
+                               if (md->pmd_classdep[c].pcd_pcpu_fini != NULL)
+                                       md->pmd_classdep[c].pcd_pcpu_fini(md,
+                                           cpu);
+                               else
+                                       printf("hwpmc: md->pmd_classdep[%d]."
+                                           "pcd_pcpu_fini was not initialized."
+                                           "  This is a bug.\n"
+                                           "\tMost likely your CPUID is not "
+                                           "recognized by hwpmc.\n", c);
                        if (md->pmd_pcpu_fini)
                                md->pmd_pcpu_fini(md, cpu);
                }
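Review bot: The printf in the else branch of the fini loop fires once per class inside what the surrounding pmc_select_cpu(cpu) context shows to be a per-CPU walk, and repeats the diagnosis the init loop prints for the same missing table entry. On teardown a silent skip when pcd_pcpu_fini is NULL is enough, or a KASSERT if a missing callback is to be treated as a programming error. As in the init hunk, the unbraced for now holds a multi-line if/else and should get braces.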

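Added example, not part of the original report or of hwpmc: a user-space model of the failure described above, in which a partially filled per-class callback table is rejected once, before per-CPU init dispatches through it. The `model_*` and `demo_*` names, `ok_cb`, and the choice of ENXIO are assumptions; only the `pmd_`/`pcd_` field names come from the patch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for hwpmc's machine-dependent tables (hypothetical). */
struct model_mdep;
struct model_classdep {
	int (*pcd_pcpu_init)(struct model_mdep *, int);
	int (*pcd_pcpu_fini)(struct model_mdep *, int);
};
struct model_mdep {
	int pmd_nclass;
	struct model_classdep pmd_classdep[2];
};

static int ok_cb(struct model_mdep *md, int cpu) { (void)md; (void)cpu; return (0); }

/* Reject a table with any missing callback before anything calls through it. */
static int model_validate(const struct model_mdep *md)
{
	for (int n = 0; n < md->pmd_nclass; n++) {
		if (md->pmd_classdep[n].pcd_pcpu_init == NULL ||
		    md->pmd_classdep[n].pcd_pcpu_fini == NULL)
			return (ENXIO);
	}
	return (0);
}

/* Per-CPU init: a failed validation aborts the load instead of jumping to 0x0. */
static int model_initialize(struct model_mdep *md, int ncpu)
{
	int error = model_validate(md);

	for (int cpu = 0; error == 0 && cpu < ncpu; cpu++) {
		for (int n = 0; error == 0 && n < md->pmd_nclass; n++)
			error = md->pmd_classdep[n].pcd_pcpu_init(md, cpu);
	}
	return (error);
}

/* Constructed inputs: a complete table, and one whose second class was never set. */
static int demo_complete(void) { struct model_mdep md = { 2, { { ok_cb, ok_cb }, { ok_cb, ok_cb } } }; return (model_initialize(&md, 4)); }
static int demo_partial(void) { struct model_mdep md = { 2, { { ok_cb, ok_cb }, { NULL, NULL } } }; return (model_initialize(&md, 4)); }

int main(void)
{
	printf("complete=%d partial=%d\n", demo_complete(), demo_partial());
	return (0);
}
```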

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: davide 
State-Changed-When: Thu May 2 13:16:37 UTC 2013 
State-Changed-Why:  
Alan, some changes have been recently committed to HEAD, and the problem
should be solved. I've not tested on Xen because I don't have a machine with
that available, but I was able to reproduce this same bug on VirtualBox.
Do you mind testing whether it also fixes the problem for you?

http://www.freebsd.org/cgi/query-pr.cgi?pr=163978 

From: asomers@gmail.com
To: bug-followup@FreeBSD.org, alans@spectralogic.com
Cc:  
Subject: Re: kern/163978: [hwpmc] [patch] Loading hwpmc with an unknown cpuid
 causes a page fault in kernel mode.
Date: Fri, 3 May 2013 14:49:55 -0600

 Actually, I don't have a Xen machine anymore, either.  Sorry.
>Unformatted:
