Bug #16404


amdzen should not allow DF reads with an unknown version

Added by Robert Mustacchi 2 months ago. Updated about 1 month ago.

Start date:
Due date:
% Done:


Estimated time:
Gerrit CR:
External Bug:


While working with someone on some testing with the developer zen_udf driver, I accidentally panicked their system. This was because the DF revision wasn't correctly determined (a separate bug), so the attempt to use /usr/lib/df/udf enocded the unknown revision and the system refused to proceed because it didn't know the registers were valid. This check should be elevated into the amdzen client DF reads.

I've tested this in two ways. The first is normal operation on systems that work and confirming that everything still attaches and that we can get the amdzen driver and its children attached and that we can successfully use the udf utility. The second was manually inducing the failure path by tweaking the value of the revision back to unknown. Here's what that looks like:

rm@remus ~ $ pfexec /usr/lib/udf -d /devices/pseudo/amdzen@0/zen_udf@3:zen_udf.0 -f 0 -i 0 -r 0x44
ifr 0/0/44: 0x1911264
rm@remus ~ $ pfexec mdb -kw
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc apix scsi_vhci zfs sata ip hook neti sockfs arp usba xhci smbios stmf stmf_sbd mm lofs crypto random cpc ufs logindmux nsmb ptm smbsrv klmmod nfs vmm ]
> *amdzen_data::print -at  amdzen_t azn_dfs[0]
fffffe59cabff4b0 amdzen_df_t azn_dfs[0] = {
    fffffe59cabff4b0 amdzen_df_flags_t azn_dfs[0].adf_flags = 0x3 (AMDZEN_DF_F_{VALID|FOUND_NB})
    fffffe59cabff4b4 uint_t azn_dfs[0].adf_nb_busno = 0xc0
    fffffe59cabff4b8 amdzen_stub_t *[8] azn_dfs[0].adf_funcs = [ 0xfffffe59d6f75440, 0xfffffe59d7ae9ac0, 0xfffffe59d6f756c8, 0xfffffe59d7adf620, 0xfffffe59d7adfa10, 0xfffffe59e3380210, 0xfffffe59e3114ba8, 0xfffffe59e8e386f8 ]
    fffffe59cabff4f8 amdzen_stub_t *azn_dfs[0].adf_nb = 0xfffffe59e38e7d60
    fffffe59cabff500 uint8_t azn_dfs[0].adf_major = 0x3
    fffffe59cabff501 uint8_t azn_dfs[0].adf_minor = 0
    fffffe59cabff504 uint_t azn_dfs[0].adf_nents = 0x2b
    fffffe59cabff508 df_rev_t azn_dfs[0].adf_rev = 0x2 (DF_REV_3)
    fffffe59cabff510 amdzen_df_ent_t *azn_dfs[0].adf_ents = 0xfffffe59f49af000
    fffffe59cabff518 uint32_t azn_dfs[0].adf_nodeid = 0
    fffffe59cabff51c uint32_t azn_dfs[0].adf_syscfg = 0x1
    fffffe59cabff520 uint32_t azn_dfs[0].adf_mask0 = 0x20001f
    fffffe59cabff524 uint32_t azn_dfs[0].adf_mask1 = 0x1000005
    fffffe59cabff528 uint32_t azn_dfs[0].adf_mask2 = 0
    fffffe59cabff52c uint32_t azn_dfs[0].adf_nccm = 0x8
    fffffe59cabff530 df_fabric_decomp_t azn_dfs[0].adf_decomp = {
        fffffe59cabff530 uint32_t dfd_sock_mask = 0x1
        fffffe59cabff534 uint32_t dfd_die_mask = 0
        fffffe59cabff538 uint32_t dfd_node_mask = 0x20
        fffffe59cabff53c uint32_t dfd_comp_mask = 0x1f
        fffffe59cabff540 uint8_t dfd_sock_shift = 0
        fffffe59cabff541 uint8_t dfd_die_shift = 0
        fffffe59cabff542 uint8_t dfd_node_shift = 0x5
        fffffe59cabff543 uint8_t dfd_comp_shift = 0
> fffffe59cabff508/W 0
0xfffffe59cabff508:             0x2             =       0x0
rm@remus ~ $ pfexec /usr/lib/udf -d /devices/pseudo/amdzen@0/zen_udf@3:zen_udf.0 -f 0 -i 0 -r 0x44
udf: failed to issue read ioctl: Operation not supported

Also available in: Atom PDF