Bugtraq mailing list archives

More info on SPARC CPU bug

From: mycroft () MIT EDU (Charles M. Hannum)
Date: Fri, 24 Oct 1997 20:23:57 -0400


I have so far only been able to reproduce the hang on 170 MHz SS5s.  I
have *not* been able to reproduce it on 85 MHz SS5s, 110 MHz SS4s,
Ultras, Classics, or pre-4m machines.

Specifically, the CPU that hangs is identified as a MB86907 (made by
Fujitsu), running at 170 MHz.  It hangs when running the same code
under either Solaris 2.5.1 or NetBSD 1.3_ALPHA, so I believe the bug
is not OS-related.

As far as I can tell, the CPU wedges completely; all response from I/O
peripherals is dead, including L1-A on the keyboard and break on a
serial console.

To review, the sequence of instructions that causes the hang is:

L1:
        b,a L1
        retl

I have not exhaustively tested other instructions in the branch delay
slot, but `ret' and `nop' also appear to `work' (i.e. cause the hang).
It appears to be the branch instruction alone that's responsible for
the hang.  A non-annulled branch does not have the same effect.

Current thread:

ISS Security Alert X-Force (Oct 22)
- Re: ISS Security Alert Aleph One (Oct 22)
- BSDI termcap exploit Joseph_K (Oct 22)
- Possible SERIOUS bug in open()? Aleph One (Oct 23)
- Cute SPARC CPU bug Charles M. Hannum (Oct 24)
  - Re: Cute SPARC CPU bug Dmitry Kohmanyuk Дмитрий Кохманюк (Oct 24)
  - More info on SPARC CPU bug Charles M. Hannum (Oct 24)
- <Possible follow-ups>
- Re: ISS Security Alert David LeBlanc (Oct 23)