diagnostics: Implemented collection functions and create first metrics

- Also implemented robust error handling and failovers - Vendored klauspost/cpuid

diagnostics: Implemented collection functions and create first metrics
- Also implemented robust error handling and failovers - Vendored klauspost/cpuid
388ff6bc · Matthew Holt · 8f0b44b8 · 388ff6bc · 388ff6bc · 388ff6bc
Commit 388ff6bc authored Feb 08, 2018 by Matthew Holt
20 changed files
--- a/caddy/caddymain/run.go
+++ b/caddy/caddymain/run.go
@@ -27,6 +27,7 @@ import (
 	"strings"

 	"github.com/google/uuid"
+	"github.com/klauspost/cpuid"
 	"github.com/mholt/caddy"
 	"github.com/mholt/caddy/caddytls"
 	"github.com/mholt/caddy/diagnostics"
@@ -51,6 +52,7 @@ func init() {
 	flag.StringVar(&caddytls.DefaultEmail, "email", "", "Default ACME CA account email address")
 	flag.DurationVar(&acme.HTTPClient.Timeout, "catimeout", acme.HTTPClient.Timeout, "Default ACME CA HTTP timeout")
 	flag.StringVar(&logfile, "log", "", "Process log file")
+	flag.BoolVar(&noDiag, "no-diagnostics", false, "Disable diagnostic reporting")
 	flag.StringVar(&caddy.PidFile, "pidfile", "", "Path to write pid file")
 	flag.BoolVar(&caddy.Quiet, "quiet", false, "Quiet mode (no initialization output)")
 	flag.StringVar(&revoke, "revoke", "", "Hostname for which to revoke the certificate")
@@ -88,7 +90,9 @@ func Run() {
 	}

 	// initialize diagnostics client
-	initDiagnostics()
+	if !noDiag {
+		initDiagnostics()
+	}

 	// Check for one-time actions
 	if revoke != "" {
@@ -146,6 +150,23 @@ func Run() {
 	// Execute instantiation events
 	caddy.EmitEvent(caddy.InstanceStartupEvent, instance)

+	// Begin diagnostics (these are no-ops if diagnostics disabled)
+	diagnostics.Set("caddy_version", appVersion)
+	// TODO: plugins
+	diagnostics.Set("num_listeners", len(instance.Servers()))
+	diagnostics.Set("os", runtime.GOOS)
+	diagnostics.Set("arch", runtime.GOARCH)
+	diagnostics.Set("cpu", struct {
+		NumLogical int    `json:"num_logical"`
+		AESNI      bool   `json:"aes_ni"`
+		BrandName  string `json:"brand_name"`
+	}{
+		NumLogical: runtime.NumCPU(),
+		AESNI:      cpuid.CPU.AesNi(),
+		BrandName:  cpuid.CPU.BrandName,
+	})
+	diagnostics.StartEmitting()
+
 	// Twiddle your thumbs
 	instance.Wait()
 }
@@ -321,6 +342,7 @@ var (
 	version    bool
 	plugins    bool
 	validate   bool
+	noDiag     bool
 )

 // Build information obtained with the help of -ldflags

--- a/caddyhttp/httpserver/plugin.go
+++ b/caddyhttp/httpserver/plugin.go
@@ -29,6 +29,7 @@ import (
 	"github.com/mholt/caddy/caddyfile"
 	"github.com/mholt/caddy/caddyhttp/staticfiles"
 	"github.com/mholt/caddy/caddytls"
+	"github.com/mholt/caddy/diagnostics"
 )

 const serverType = "http"
@@ -205,6 +206,8 @@ func (h *httpContext) MakeServers() ([]caddy.Server, error) {
 		}
 	}

+	diagnostics.Set("num_sites", len(h.siteConfigs))
+
 	// we must map (group) each config to a bind address
 	groups, err := groupSiteConfigsByListenAddr(h.siteConfigs)
 	if err != nil {

--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -36,6 +36,7 @@ import (
 	"github.com/mholt/caddy"
 	"github.com/mholt/caddy/caddyhttp/staticfiles"
 	"github.com/mholt/caddy/caddytls"
+	"github.com/mholt/caddy/diagnostics"
 )

 // Server is the HTTP server implementation.
@@ -345,6 +346,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}
 	}()

+	go diagnostics.AppendUniqueString("user_agent", r.Header.Get("User-Agent"))
+
 	// copy the original, unchanged URL into the context
 	// so it can be referenced by middlewares
 	urlCopy := *r.URL

--- a/caddytls/client.go
+++ b/caddytls/client.go
@@ -26,6 +26,7 @@ import (
 	"time"

 	"github.com/mholt/caddy"
+	"github.com/mholt/caddy/diagnostics"
 	"github.com/xenolf/lego/acme"
 )

@@ -276,6 +277,8 @@ Attempts:
 		break
 	}

+	go diagnostics.Increment("acme_certificates_obtained")
+
 	return nil
 }

@@ -350,8 +353,9 @@ func (c *ACMEClient) Renew(name string) error {
 		return errors.New("too many renewal attempts; last error: " + err.Error())
 	}

-	// Executes Cert renew events
 	caddy.EmitEvent(caddy.CertRenewEvent, name)
+	go diagnostics.Increment("acme_certificates_obtained")
+	go diagnostics.Increment("acme_certificates_renewed")

 	return saveCertResource(storage, newCertMeta)
 }

--- a/diagnostics/collection.go
+++ b/diagnostics/collection.go
+// Copyright 2015 Light Code Labs, LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package diagnostics
+
+import (
+	"log"
+
+	"github.com/google/uuid"
+)
+
+// Init initializes this package so that it may
+// be used. Do not call this function more than
+// once. Init panics if it is called more than
+// once or if the UUID value is empty. Once this
+// function is called, the rest of the package
+// may safely be used. If this function is not
+// called, the collector functions may still be
+// invoked, but they will be no-ops.
+func Init(instanceID uuid.UUID) {
+	if enabled {
+		panic("already initialized")
+	}
+	if instanceID.String() == "" {
+		panic("empty UUID")
+	}
+	instanceUUID = instanceID
+	enabled = true
+}
+
+// StartEmitting sends the current payload and begins the
+// transmission cycle for updates. This is the first
+// update sent, and future ones will be sent until
+// StopEmitting is called.
+//
+// This function is non-blocking (it spawns a new goroutine).
+//
+// This function panics if it was called more than once.
+// It is a no-op if this package was not initialized.
+func StartEmitting() {
+	if !enabled {
+		return
+	}
+	updateTimerMu.Lock()
+	if updateTimer != nil {
+		updateTimerMu.Unlock()
+		panic("updates already started")
+	}
+	updateTimerMu.Unlock()
+	updateMu.Lock()
+	if updating {
+		updateMu.Unlock()
+		panic("update already in progress")
+	}
+	updateMu.Unlock()
+	go logEmit(false)
+}
+
+// StopEmitting sends the current payload and terminates
+// the update cycle. No more updates will be sent.
+//
+// It is a no-op if the package was never initialized
+// or if emitting was never started.
+func StopEmitting() {
+	if !enabled {
+		return
+	}
+	updateTimerMu.Lock()
+	if updateTimer == nil {
+		updateTimerMu.Unlock()
+		return
+	}
+	updateTimerMu.Unlock()
+	logEmit(true)
+}
+
+// Set puts a value in the buffer to be included
+// in the next emission. It overwrites any
+// previous value.
+//
+// This function is safe for multiple goroutines,
+// and it is recommended to call this using the
+// go keyword after the call to SendHello so it
+// doesn't block crucial code.
+func Set(key string, val interface{}) {
+	if !enabled {
+		return
+	}
+	bufferMu.Lock()
+	if bufferItemCount >= maxBufferItems {
+		bufferMu.Unlock()
+		return
+	}
+	if _, ok := buffer[key]; !ok {
+		bufferItemCount++
+	}
+	buffer[key] = val
+	bufferMu.Unlock()
+}
+
+// Append appends value to a list named key.
+// If key is new, a new list will be created.
+// If key maps to a type that is not a list,
+// an error is logged, and this is a no-op.
+//
+// TODO: is this function needed/useful?
+func Append(key string, value interface{}) {
+	if !enabled {
+		return
+	}
+	bufferMu.Lock()
+	if bufferItemCount >= maxBufferItems {
+		bufferMu.Unlock()
+		return
+	}
+	// TODO: Test this...
+	bufVal, inBuffer := buffer[key]
+	sliceVal, sliceOk := bufVal.([]interface{})
+	if inBuffer && !sliceOk {
+		bufferMu.Unlock()
+		log.Printf("[PANIC] Diagnostics: key %s already used for non-slice value", key)
+		return
+	}
+	if sliceVal == nil {
+		buffer[key] = []interface{}{value}
+	} else if sliceOk {
+		buffer[key] = append(sliceVal, value)
+	}
+	bufferItemCount++
+	bufferMu.Unlock()
+}
+
+// AppendUniqueString adds value to a set named key.
+// Set items are unordered. Values in the set
+// are unique, but repeat values are counted.
+//
+// If key is new, a new set will be created.
+// If key maps to a type that is not a string
+// set, an error is logged, and this is a no-op.
+func AppendUniqueString(key, value string) {
+	if !enabled {
+		return
+	}
+	bufferMu.Lock()
+	if bufferItemCount >= maxBufferItems {
+		bufferMu.Unlock()
+		return
+	}
+	bufVal, inBuffer := buffer[key]
+	mapVal, mapOk := bufVal.(map[string]int)
+	if inBuffer && !mapOk {
+		bufferMu.Unlock()
+		log.Printf("[PANIC] Diagnostics: key %s already used for non-map value", key)
+		return
+	}
+	if mapVal == nil {
+		buffer[key] = map[string]int{value: 1}
+		bufferItemCount++
+	} else if mapOk {
+		mapVal[value]++
+	}
+	bufferMu.Unlock()
+}
+
+// AppendUniqueInt adds value to a set named key.
+// Set items are unordered. Values in the set
+// are unique, but repeat values are counted.
+//
+// If key is new, a new set will be created.
+// If key maps to a type that is not an integer
+// set, an error is logged, and this is a no-op.
+func AppendUniqueInt(key string, value int) {
+	if !enabled {
+		return
+	}
+	bufferMu.Lock()
+	if bufferItemCount >= maxBufferItems {
+		bufferMu.Unlock()
+		return
+	}
+	bufVal, inBuffer := buffer[key]
+	mapVal, mapOk := bufVal.(map[int]int)
+	if inBuffer && !mapOk {
+		bufferMu.Unlock()
+		log.Printf("[PANIC] Diagnostics: key %s already used for non-map value", key)
+		return
+	}
+	if mapVal == nil {
+		buffer[key] = map[int]int{value: 1}
+		bufferItemCount++
+	} else if mapOk {
+		mapVal[value]++
+	}
+	bufferMu.Unlock()
+}
+
+// Increment adds 1 to a value named key.
+// If it does not exist, it is created with
+// a value of 1. If key maps to a type that
+// is not an integer, an error is logged,
+// and this is a no-op.
+func Increment(key string) {
+	incrementOrDecrement(key, true)
+}
+
+// Decrement is the same as increment except
+// it subtracts 1.
+func Decrement(key string) {
+	incrementOrDecrement(key, false)
+}
+
+// inc == true:  increment
+// inc == false: decrement
+func incrementOrDecrement(key string, inc bool) {
+	if !enabled {
+		return
+	}
+	bufferMu.Lock()
+	bufVal, inBuffer := buffer[key]
+	intVal, intOk := bufVal.(int)
+	if inBuffer && !intOk {
+		bufferMu.Unlock()
+		log.Printf("[PANIC] Diagnostics: key %s already used for non-integer value", key)
+		return
+	}
+	if !inBuffer {
+		if bufferItemCount >= maxBufferItems {
+			bufferMu.Unlock()
+			return
+		}
+		bufferItemCount++
+	}
+	if inc {
+		buffer[key] = intVal + 1
+	} else {
+		buffer[key] = intVal - 1
+	}
+	bufferMu.Unlock()
+}
--- a/diagnostics/diagnostics.go
+++ b/diagnostics/diagnostics.go
@@ -12,14 +12,252 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+// Package diagnostics implements the client for server-side diagnostics
+// of the network. Functions in this package are synchronous and blocking
+// unless otherwise specified. For convenience, most functions here do
+// not return errors, but errors are logged to the standard logger.
+//
+// To use this package, first call Init(). You can then call any of the
+// collection/aggregation functions. Call StartEmitting() when you are
+// ready to begin sending diagnostic updates.
+//
+// When collecting metrics (functions like Set, Append*, or Increment),
+// it may be desirable and even recommended to run invoke them in a new
+// goroutine (use the go keyword) in case there is lock contention;
+// they are thread-safe (unless noted), and you may not want them to
+// block the main thread of execution. However, sometimes blocking
+// may be necessary too; for example, adding startup metrics to the
+// buffer before the call to StartEmitting().
 package diagnostics

 import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+	"sync"
+	"time"
+
 	"github.com/google/uuid"
 )

-func Init(uuid uuid.UUID) {
-	instanceUUID = uuid
+// logEmit calls emit and then logs the error, if any.
+func logEmit(final bool) {
+	err := emit(final)
+	if err != nil {
+		log.Printf("[ERROR] Sending diganostics: %v", err)
+	}
+}
+
+// emit sends an update to the diagnostics server.
+// If final is true, no future updates will be scheduled.
+// Otherwise, the next update will be scheduled.
+func emit(final bool) error {
+	if !enabled {
+		return fmt.Errorf("diagnostics not enabled")
+	}
+
+	// ensure only one update happens at a time;
+	// skip update if previous one still in progress
+	updateMu.Lock()
+	if updating {
+		updateMu.Unlock()
+		log.Println("[NOTICE] Skipping this diagnostics update because previous one is still working")
+		return nil
+	}
+	updating = true
+	updateMu.Unlock()
+	defer func() {
+		updateMu.Lock()
+		updating = false
+		updateMu.Unlock()
+	}()
+
+	// terminate any pending update if this is the last one
+	if final {
+		updateTimerMu.Lock()
+		updateTimer.Stop()
+		updateTimer = nil
+		updateTimerMu.Unlock()
+	}
+
+	payloadBytes, err := makePayloadAndResetBuffer()
+	if err != nil {
+		return err
+	}
+
+	// this will hold the server's reply
+	var reply Response
+
+	// transmit the payload - use a loop to retry in case of failure
+	for i := 0; i < 4; i++ {
+		if i > 0 && err != nil {
+			// don't hammer the server; first failure might have been
+			// a fluke, but back off more after that
+			log.Printf("[WARNING] Sending diagnostics (attempt %d): %v - waiting and retrying", i, err)
+			time.Sleep(time.Duration(i*i*i) * time.Second)
+		}
+
+		// send it
+		var resp *http.Response
+		resp, err = httpClient.Post(endpoint+instanceUUID.String(), "application/json", bytes.NewReader(payloadBytes))
+		if err != nil {
+			continue
+		}
+
+		// ensure we can read the response
+		if ct := resp.Header.Get("Content-Type"); (resp.StatusCode < 300 || resp.StatusCode >= 400) &&
+			!strings.Contains(ct, "json") {
+			err = fmt.Errorf("diagnostics server replied with unknown content-type: %s", ct)
+			resp.Body.Close()
+			continue
+		}
+
+		// read the response body
+		err = json.NewDecoder(resp.Body).Decode(&reply)
+		resp.Body.Close() // close response body as soon as we're done with it
+		if err != nil {
+			continue
+		}
+
+		// ensure we won't slam the diagnostics server
+		if reply.NextUpdate < 1*time.Second {
+			reply.NextUpdate = defaultUpdateInterval
+		}
+
+		// make sure we didn't send the update too soon; if so,
+		// just wait and try again -- this is a special case of
+		// error that we handle differently, as you can see
+		if resp.StatusCode == http.StatusTooManyRequests {
+			log.Printf("[NOTICE] Sending diagnostics: we were too early; waiting %s before trying again", reply.NextUpdate)
+			time.Sleep(reply.NextUpdate)
+			continue
+		} else if resp.StatusCode >= 400 {
+			err = fmt.Errorf("diagnostics server returned status code %d", resp.StatusCode)
+			continue
+		}
+
+		break
+	}
+	if err == nil {
+		// (remember, if there was an error, we return it
+		// below, so it will get logged if it's supposed to)
+		log.Println("[INFO] Sending diagnostics: success")
+	}
+
+	// even if there was an error after retrying, we should
+	// schedule the next update using our default update
+	// interval because the server might be healthy later
+
+	// schedule the next update (if this wasn't the last one and
+	// if the remote server didn't tell us to stop sending)
+	if !final && !reply.Stop {
+		updateTimerMu.Lock()
+		updateTimer = time.AfterFunc(reply.NextUpdate, func() {
+			logEmit(false)
+		})
+		updateTimerMu.Unlock()
+	}
+
+	return err
 }

+// makePayloadAndResetBuffer prepares a payload
+// by emptying the collection buffer. It returns
+// the bytes of the payload to send to the server.
+// Since the buffer is reset by this, if the
+// resulting byte slice is lost, the payload is
+// gone with it.
+func makePayloadAndResetBuffer() ([]byte, error) {
+	// make a local pointer to the buffer, then reset
+	// the buffer to an empty map to clear it out
+	bufferMu.Lock()
+	bufCopy := buffer
+	buffer = make(map[string]interface{})
+	bufferItemCount = 0
+	bufferMu.Unlock()
+
+	// encode payload in preparation for transmission
+	payload := Payload{
+		InstanceID: instanceUUID.String(),
+		Timestamp:  time.Now().UTC(),
+		Data:       bufCopy,
+	}
+	return json.Marshal(payload)
+}
+
+// Response contains the body of a response from the
+// diagnostics server.
+type Response struct {
+	// NextUpdate is how long to wait before the next update.
+	NextUpdate time.Duration `json:"next_update"`
+
+	// Stop instructs the diagnostics server to stop sending
+	// diagnostics. This would only be done under extenuating
+	// circumstances, but we are prepared for it nonetheless.
+	Stop bool `json:"stop,omitempty"`
+
+	// Error will be populated with an error message, if any.
+	// This field should be empty if the status code is < 400.
+	Error string `json:"error,omitempty"`
+}
+
+// Payload is the data that gets sent to the diagnostics server.
+type Payload struct {
+	// The universally unique ID of the instance
+	InstanceID string `json:"instance_id"`
+
+	// The UTC timestamp of the transmission
+	Timestamp time.Time `json:"timestamp"`
+
+	// The metrics
+	Data map[string]interface{} `json:"data,omitempty"`
+}
+
+// httpClient should be used for HTTP requests. It
+// is configured with a timeout for reliability.
+var httpClient = http.Client{Timeout: 1 * time.Minute}
+
+// buffer holds the data that we are building up to send.
+var buffer = make(map[string]interface{})
+var bufferItemCount = 0
+var bufferMu sync.RWMutex // protects both the buffer and its count
+
+// updating is used to ensure only one
+// update happens at a time.
+var updating bool
+var updateMu sync.Mutex
+
+// updateTimer fires off the next update.
+// If no update is scheduled, this is nil.
+var updateTimer *time.Timer
+var updateTimerMu sync.Mutex
+
+// instanceUUID is the ID of the current instance.
+// This MUST be set to emit diagnostics.
 var instanceUUID uuid.UUID
+
+// enabled indicates whether the package has
+// been initialized and can be actively used.
+var enabled bool
+
+const (
+	// endpoint is the base URL to remote diagnostics server;
+	// the instance ID will be appended to it.
+	endpoint = "http://localhost:8081/update/"
+
+	// defaultUpdateInterval is how long to wait before emitting
+	// more diagnostic data. This value is only used if the
+	// client receives a nonsensical value, or doesn't send one
+	// at all, indicating a likely problem with the server. Thus,
+	// this value should be a long duration to help alleviate
+	// extra load on the server.
+	defaultUpdateInterval = 1 * time.Hour
+
+	// maxBufferItems is the maximum number of items we'll allow
+	// in the buffer before we start dropping new ones, in a
+	// rough (simple) attempt to keep memory use under control.
+	maxBufferItems = 100000
+)
--- a/vendor/github.com/klauspost/cpuid/LICENSE
+++ b/vendor/github.com/klauspost/cpuid/LICENSE
+The MIT License (MIT)
+
+Copyright (c) 2015 Klaus Post
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
--- a/vendor/github.com/klauspost/cpuid/cpuid.go
+++ b/vendor/github.com/klauspost/cpuid/cpuid.go
--- a/vendor/github.com/klauspost/cpuid/cpuid_386.s
+++ b/vendor/github.com/klauspost/cpuid/cpuid_386.s
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+	XORL CX, CX
+	MOVL op+0(FP), AX
+	CPUID
+	MOVL AX, eax+4(FP)
+	MOVL BX, ebx+8(FP)
+	MOVL CX, ecx+12(FP)
+	MOVL DX, edx+16(FP)
+	RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+	MOVL op+0(FP), AX
+	MOVL op2+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func xgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+	MOVL index+0(FP), CX
+	BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+	MOVL AX, eax+4(FP)
+	MOVL DX, edx+8(FP)
+	RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+	BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+	MOVL AX, eax+0(FP)
+	MOVL BX, ebx+4(FP)
+	MOVL CX, ecx+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
--- a/vendor/github.com/klauspost/cpuid/cpuid_amd64.s
+++ b/vendor/github.com/klauspost/cpuid/cpuid_amd64.s
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+//+build amd64,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+	XORQ CX, CX
+	MOVL op+0(FP), AX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+	MOVL op+0(FP), AX
+	MOVL op2+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func asmXgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+	MOVL index+0(FP), CX
+	BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+	MOVL AX, eax+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+	BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+	MOVL AX, eax+0(FP)
+	MOVL BX, ebx+4(FP)
+	MOVL CX, ecx+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
--- a/vendor/github.com/klauspost/cpuid/detect_intel.go
+++ b/vendor/github.com/klauspost/cpuid/detect_intel.go
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo amd64,!gccgo
+
+package cpuid
+
+func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+func asmXgetbv(index uint32) (eax, edx uint32)
+func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+
+func initCPU() {
+	cpuid = asmCpuid
+	cpuidex = asmCpuidex
+	xgetbv = asmXgetbv
+	rdtscpAsm = asmRdtscpAsm
+}
--- a/vendor/github.com/klauspost/cpuid/detect_ref.go
+++ b/vendor/github.com/klauspost/cpuid/detect_ref.go
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build !amd64,!386 gccgo
+
+package cpuid
+
+func initCPU() {
+	cpuid = func(op uint32) (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+
+	cpuidex = func(op, op2 uint32) (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+
+	xgetbv = func(index uint32) (eax, edx uint32) {
+		return 0, 0
+	}
+
+	rdtscpAsm = func() (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+}
--- a/vendor/github.com/klauspost/cpuid/generate.go
+++ b/vendor/github.com/klauspost/cpuid/generate.go
+package cpuid
+
+//go:generate go run private-gen.go
+//go:generate gofmt -w ./private
--- a/vendor/github.com/klauspost/cpuid/private-gen.go
+++ b/vendor/github.com/klauspost/cpuid/private-gen.go
--- a/vendor/github.com/klauspost/cpuid/private/cpuid.go
+++ b/vendor/github.com/klauspost/cpuid/private/cpuid.go
--- a/vendor/github.com/klauspost/cpuid/private/cpuid_386.s
+++ b/vendor/github.com/klauspost/cpuid/private/cpuid_386.s
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+	XORL CX, CX
+	MOVL op+0(FP), AX
+	CPUID
+	MOVL AX, eax+4(FP)
+	MOVL BX, ebx+8(FP)
+	MOVL CX, ecx+12(FP)
+	MOVL DX, edx+16(FP)
+	RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+	MOVL op+0(FP), AX
+	MOVL op2+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func xgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+	MOVL index+0(FP), CX
+	BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+	MOVL AX, eax+4(FP)
+	MOVL DX, edx+8(FP)
+	RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+	BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+	MOVL AX, eax+0(FP)
+	MOVL BX, ebx+4(FP)
+	MOVL CX, ecx+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
--- a/vendor/github.com/klauspost/cpuid/private/cpuid_amd64.s
+++ b/vendor/github.com/klauspost/cpuid/private/cpuid_amd64.s
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+//+build amd64,!gccgo
+
+// func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuid(SB), 7, $0
+	XORQ CX, CX
+	MOVL op+0(FP), AX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·asmCpuidex(SB), 7, $0
+	MOVL op+0(FP), AX
+	MOVL op2+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func asmXgetbv(index uint32) (eax, edx uint32)
+TEXT ·asmXgetbv(SB), 7, $0
+	MOVL index+0(FP), CX
+	BYTE $0x0f; BYTE $0x01; BYTE $0xd0 // XGETBV
+	MOVL AX, eax+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
+
+// func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+TEXT ·asmRdtscpAsm(SB), 7, $0
+	BYTE $0x0F; BYTE $0x01; BYTE $0xF9 // RDTSCP
+	MOVL AX, eax+0(FP)
+	MOVL BX, ebx+4(FP)
+	MOVL CX, ecx+8(FP)
+	MOVL DX, edx+12(FP)
+	RET
--- a/vendor/github.com/klauspost/cpuid/private/cpuid_detect_intel.go
+++ b/vendor/github.com/klauspost/cpuid/private/cpuid_detect_intel.go
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build 386,!gccgo amd64,!gccgo
+
+package cpuid
+
+func asmCpuid(op uint32) (eax, ebx, ecx, edx uint32)
+func asmCpuidex(op, op2 uint32) (eax, ebx, ecx, edx uint32)
+func asmXgetbv(index uint32) (eax, edx uint32)
+func asmRdtscpAsm() (eax, ebx, ecx, edx uint32)
+
+func initCPU() {
+	cpuid = asmCpuid
+	cpuidex = asmCpuidex
+	xgetbv = asmXgetbv
+	rdtscpAsm = asmRdtscpAsm
+}
--- a/vendor/github.com/klauspost/cpuid/private/cpuid_detect_ref.go
+++ b/vendor/github.com/klauspost/cpuid/private/cpuid_detect_ref.go
+// Copyright (c) 2015 Klaus Post, released under MIT License. See LICENSE file.
+
+// +build !amd64,!386 gccgo
+
+package cpuid
+
+func initCPU() {
+	cpuid = func(op uint32) (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+
+	cpuidex = func(op, op2 uint32) (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+
+	xgetbv = func(index uint32) (eax, edx uint32) {
+		return 0, 0
+	}
+
+	rdtscpAsm = func() (eax, ebx, ecx, edx uint32) {
+		return 0, 0, 0, 0
+	}
+}
--- a/vendor/manifest
+++ b/vendor/manifest
@@ -117,6 +117,14 @@
 			"path": "/basic",
 			"notests": true
 		},
+		{
+			"importpath": "github.com/klauspost/cpuid",
+			"repository": "https://github.com/klauspost/cpuid",
+			"vcs": "git",
+			"revision": "ae832f27941af41db13bd6d8efd2493e3b22415a",
+			"branch": "master",
+			"notests": true
+		},
 		{
 			"importpath": "github.com/lucas-clemente/aes12",
 			"repository": "https://github.com/lucas-clemente/aes12",