[Bug 25087] GPU-Z shows no informations (helper kernel driver uses privileged rdmsr and wrmsr instructions to access MSRs)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Nov 6 10:56:12 CST 2011 

http://bugs.winehq.org/show_bug.cgi?id=25087

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|GPU-Z shows no informations |GPU-Z shows no informations
                   |                            |(helper kernel driver uses
                   |                            |privileged rdmsr and wrmsr
                   |                            |instructions to access
                   |                            |MSRs)

--- Comment #9 from Anastasius Focht <focht at gmx.net> 2011-11-06 10:56:12 CST ---
Hello,

the GPU-Z helper kernel driver tries to read MSR which requires ring 0
privileges, hence the exception:

--- snip ---
002b:trace:seh:raise_exception code=c0000005 flags=0 addr=0x541b9c ip=00541b9c
tid=002b
002b:trace:seh:raise_exception  info[0]=00000000
002b:trace:seh:raise_exception  info[1]=ffffffff
002b:trace:seh:raise_exception  eax=00000004 ebx=0053e700 ecx=0000002a
edx=0053ef8c esi=0053e690 edi=0011aa30
002b:trace:seh:raise_exception  ebp=0053e668 esp=0053e658 cs=0073 ds=007b
es=007b fs=0033 gs=003b flags=00210246
002b:trace:seh:call_vectored_handlers calling handler at 0x7ece433f
code=c0000005 flags=0
002b:trace:seh:call_vectored_handlers handler at 0x7ece433f returned 0
002b:trace:seh:call_stack_handlers calling handler at 0x7bc98061 code=c0000005
flags=0
002b:Call KERNEL32.UnhandledExceptionFilter(0053e130) ret=7bc9809b
wine: Unhandled page fault on read access to 0xffffffff at address 0x541b9c
(thread 002b), starting debugger... 

Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:00541b9c ESP:0053e658 EBP:0053e668 EFLAGS:00210246(  R- --  I  Z- -P- )
 EAX:00000004 EBX:0053e700 ECX:0000002a EDX:0053ef8c
 ESI:0053e690 EDI:0011aa30
Stack dump:
0x0053e658:  0053e700 0000002b 7ecfbff4 00000000
0x0053e668:  0053e778 7ece4afa 00121cc0 0053e690
0x0053e678:  00541b00 00121cc0 0053e690 00000008
0x0053e688:  00000002 7ffd0000 55555555 0053e724
0x0053e698:  55555555 0011aa30 55555555 55555555
0x0053e6a8:  55555555 55555555 55555501 55555555
Backtrace:
=>0 0x00541b9c in gpu-z.sys (+0x1b9c) (0x0053e668)
  1 0x7ece4afa process_ioctl+0x226(device=0x121cc0, code=0x80006448,
in_buff=0x11aa30, in_size=0x4, out_buff=0x11aa48, out_size=0x53e7b8)
[/home/focht/projects/wine/wine-git/dlls/ntoskrnl.exe/ntoskrnl.c:182] in
ntoskrnl (0x0053e778)
  2 0x7ece4f3a wine_ntoskrnl_main_loop+0x3a8(stop_event=0x30)
[/home/focht/projects/wine/wine-git/dlls/ntoskrnl.exe/ntoskrnl.c:252] in
ntoskrnl (0x0053e898)
  3 0x7bc6843e call_entry_point+0x29() in ntdll (0x0053e8b8)
  4 0x7bc68669 relay_call+0x1bb(descr=0x7ed09ff4, idx=0x105cb, stack=0x53e91c)
[/home/focht/projects/wine/wine-git/dlls/ntdll/relay.c:434] in ntdll
(0x0053e908)
  5 0x7ece3405 in ntoskrnl (+0x13404) (0x0053e988)
  6 0x7ed8b6a0 ServiceMain+0x156(argc=0, argv=0x11a7a0)
[/home/focht/projects/wine/wine-git/programs/winedevice/device.c:297] in
winedevice (0x0053e988)
  7 0x7ed4e431 service_thread+0x165(arg=0x1192d0)
[/home/focht/projects/wine/wine-git/dlls/advapi32/service.c:294] in advapi32
(0x0053ea28)
  8 0x7bc7f3e4 call_thread_func_wrapper+0xb() in ntdll (0x0053ea38)
  9 0x7bc7f42d call_thread_func+0x3e(entry=0x7ed4e2cb, arg=0x1192d0,
frame=0x53eb38)
[/home/focht/projects/wine/wine-git/dlls/ntdll/signal_i386.c:2532] in ntdll
(0x0053eb18)
  10 0x7bc7f3c2 call_thread_entry_point+0x11() in ntdll (0x0053eb38)
  11 0x7bc86fdf start_thread+0x1c6(info=0x7ffd0fb8)
[/home/focht/projects/wine/wine-git/dlls/ntdll/thread.c:405] in ntdll
(0x0053f398)
  12 0xb75a4d31 start_thread+0xd0() in libpthread.so.0 (0x0053f498)
0x00541b9c: rdmsr    
Modules:
Module    Address            Debug info    Name (29 modules)
PE      540000-  54b000    Export          gpu-z.sys
--- snip ---

MSR read code (driver ioctl handler):

--- snip ---
...
.text:00541B97                 mov     edi, [esi+0Ch]
.text:00541B9A                 mov     ecx, [edi]
.text:00541B9C                 rdmsr
.text:00541B9E                 mov     [edi], eax
.text:00541BA0                 mov     [edi+4], edx
...
--- snip ---

MSR write code (driver ioctl handler):

--- snip ---
...
.text:00541BCF                 mov     edx, [esi+0Ch]
.text:00541BD2                 mov     ecx, [edx]
.text:00541BD4                 mov     eax, [edx+4]
.text:00541BD7                 mov     edx, [edx+8]
.text:00541BDA                 wrmsr
...
--- snip ---

Both instructions cause exceptions hence you could emulate them - at least to
prevent the crash.

For real data you would need "msr" kernel module configured/loaded that allows
userspace apps to access those registers though the drivers ioctl interface.

Regards

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list