Bugtraq mailing list archives
Re: Cyrix bug: freeze in hell, badboy
From: prj () NLS NET (Phillip R. Jaenke)
Date: Fri, 5 Feb 1999 14:57:08 -0500
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 5 Feb 1999, John Byrne wrote:
Ragnar Hojland Espinosa wrote:I emailed Cyrix a few months ago, and even managed to get a "oh, we will look at it" thanks to Rafael Reilova, but that was it till today. A couple of people did report it, effectively, froze (most of) their Cyrix CPUs while running the opcodes below as non priviledged user. While I don't have the enough knowledge to assure this _is_ a CPU bug, it certainly looks like one to me (NO_LOCK isn't a workaround, btw). 0x804a368 <the_data>: cwtl 0x804a36a <the_data+2>: orl $0xe6ebe020,%eax 0x804a36f <the_data+7>: jle 0x804a368 <the_data> Here is the code (tested with linux, any version): /* Please compile without optimizations */ unsigned char the_data[] = { 62, 152, 13, 32, 224, 235, 230, 126, 247 }; void (*badboy)(); int main (int argc, char **argv) { badboy = (void(*)())(the_data); asm ("movl badboy,%eax"); asm ("call *%eax"); return 0; } If you try it, please send me your /proc/{cpuinfo,version} and if it freezes or not.I have done some research into this situation, and I've found that it's mostly related to the 75Mhz Cyrix Bus. I recommend that if you are running that speed, you step it down to 66mhz. The 75 mhz bus was built to allow faster processor speeds with all CPU's, but was never used by Intel or AMD. Because of this, not much software was tested on 75mhz busses, due to the monopolistic characteristics of Intel and AMD.
This is all too true. Also, Cyrix usually does fix bugs like that in the next revision, once notified of them. Also, keep in mind, most Cyrix processors have two models. ie; the mII-300 has a 3x75MHz and a 3.5x66MHz model. I tested against the 3.5x66MHz model, run at 3x75MHz, and it did not freeze. I'm willing to bet that a 3x75MHz model will lock up. This might be related to the TSC problem (Cyrix TSCs are slightly different from Intel/AMD TSC's) that occured in Linux a while back. Here's the vitals on my processor, as incorrectly reported by /proc/cpuinfo. vendor_id: CyrixInstead cpu family : 6 model: 2 model name : M II 3x Core/Bus Clock (This is incorrect. Mine is a 3.5x Core/Bus, run @ 3x) stepping: 8 fpu: yes fpu_exception: yes cpuid level : 1 wp: yes flags: fpu de tsc msr cx8 pge cmov mmx It would be interesting to know if this problem also occurs in Windows, *BSD, etc. It might possibly be a Linux-specific problem, due to the modifications that have been made to the kernel specifically for Cyrix processors. - Phillip R. Jaenke (prj () nls net | InterNIC: PRJ5) - "something is not right, but i don't think it's wrong." --anon *-- PGP signed emails welcomed and preferred here. --* -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBNrtNGcES8LwwGtVlAQFKdwP9EpBYuY1qoYvxuCVtqZnkLBAv9VsoywY/ bzw5tQKeL2NQGSyFFwUoPYqntvRsBc6DCEVUgJ1wPJq6Jggldd1uczlBIw3XJZeq ZOU4VOTpcPWXg3TRAvIRSZ3grmQzGsnGhUlPfW35BLREQJbB7OHDs9IWP8Jpg4k2 KuiEwKwfQos= =f+j4 -----END PGP SIGNATURE-----
Current thread:
- Re: Cyrix bug: freeze in hell, badboy John Byrne (Feb 05)
- Re: Cyrix bug: freeze in hell, badboy Phillip R. Jaenke (Feb 05)
- HP-UX 11.0/800 patches leave suid binaries Lamont Granquist (Feb 05)
- Re: HP-UX 11.0/800 patches leave suid binaries Olle Segerdahl,D (Feb 08)
- Re: Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 06)
- remote exploit on pine 4.10 - neverending story? Michal Zalewski (Feb 07)
- Re: remote exploit on pine 4.10 - neverending story? Thomas Roessler (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? John D. Hardin (Feb 08)
- Possible Security Problem: Fake PGP Key Ben Laurie (Feb 08)
- ISS Internet Scanner Cannot be relied upon for conclusive Audits Mr. joej (Feb 07)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive blkadder () VALUE NET (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 08)
(Thread continues...)