Date:      Fri, 8 Jun 2018 00:47:24 +0000 (UTC)
From:      Mateusz Guzik <mjg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r334820 - head/sys/amd64/amd64
Message-ID:  <201806080047.w580lOIU077008@repo.freebsd.org>

Author: mjg
Date: Fri Jun  8 00:47:24 2018
New Revision: 334820
URL: https://svnweb.freebsd.org/changeset/base/334820

Log:
  amd64: fix a retarded bug in memset
  
  memset fills the target buffer from a byte-sized value passed in as the
  second argument.
  
  The fully-sized (8 bytes) register containing it is named %rsi. Lower 4 bytes
  can be referred to as %esi and finally the lowest byte is %sil.
  
  The vast majority of all the callers just zero the target buffer and set it up by
  doing xor %esi,%esi which has a side-effect of zeroing the upper parts of
  the register as well. Some others do a word-sized move to %esi which has the
  same result.
  
  However, there are callers which only fill %sil. This does *not* clear up
  the rest of the register.
  
  The value of %rsi is multiplied by $0x0101010101010101 to create an 8-byte sized
  pattern for 8-byte stores.
  
  Prior to the patch, the func just blindly took %rsi assuming the unwanted bytes
  are zeroed out. Since this is not the case for the callers which only play with
  %sil (the rest of the register can have absolutely anything), the resulting
  pattern can be garbage.
  
  This has potential for funny bugs. One side effect (which was not amusing)
  after enabling it instead of bzero was that the kernel was hanging on boot
  as a xen domU.
  
  Reported by:	Trond Endrestøl <Trond.Endrestol fagskolen.gjovik.no>
  Pointy hat: me

Modified:
  head/sys/amd64/amd64/support.S

Modified: head/sys/amd64/amd64/support.S
==============================================================================
--- head/sys/amd64/amd64/support.S	Fri Jun  8 00:15:08 2018	(r334819)
+++ head/sys/amd64/amd64/support.S	Fri Jun  8 00:47:24 2018	(r334820)
@@ -271,8 +271,9 @@ ENTRY(memset)
 	PUSH_FRAME_POINTER
 	movq	%rdi,%r9
 	movq	%rdx,%rcx
+	movzbq	%sil,%r8
 	movabs	$0x0101010101010101,%rax
-	imulq	%rsi,%rax
+	imulq	%r8,%rax
 	shrq	$3,%rcx
 	rep
 	stosq
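
Review bot: The new `movzbq %sil,%r8` line carries no comment, and nothing in the hunk tells a later reader why `imulq` no longer takes %rsi directly. A one-line comment above it, saying that callers may set only %sil and leave the upper bytes of %rsi undefined, would keep the instruction from being removed later as a redundant move. The hunk also makes %r8 a scratch register in memset; that is allowed because %r8 is caller-saved in the SysV amd64 ABI, but zero-extending in place (`movzbl %sil,%esi`) and keeping `imulq %rsi,%rax` would give the same pattern without touching another register.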



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806080047.w580lOIU077008>
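
The broadcast multiply from the commit log, modelled in C as an added example (not code from the commit or from FreeBSD): it builds the 8-byte pattern with and without zero-extending the low byte and counts how many filled bytes come out wrong. The function names, the sample register values and the byte-tail loop are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BCAST 0x0101010101010101ULL

/* rsi models the full 64-bit register; only its low byte (%sil) is the fill value. */

/* Before r334820: the whole register is multiplied. */
static uint64_t pattern_unmasked(uint64_t rsi) { return rsi * BCAST; }

/* After r334820: zero-extend the low byte first (movzbq %sil,%r8). */
static uint64_t pattern_masked(uint64_t rsi) { return (uint64_t)(uint8_t)rsi * BCAST; }

/* Model only: 8-byte stores, then a byte tail taken from the pattern's low byte. */
static void fill(unsigned char *p, uint64_t pat, size_t len) {
    for (; len >= 8; len -= 8, p += 8)
        memcpy(p, &pat, 8);
    while (len--)
        *p++ = (unsigned char)pat;
}

/* Bytes of a len-byte fill (len capped at 64) that differ from the requested byte. */
static size_t wrong_bytes(uint64_t rsi, uint64_t (*mk)(uint64_t), size_t len) {
    unsigned char buf[64] = {0};
    size_t i, bad = 0;
    if (len > sizeof(buf))
        len = sizeof(buf);
    fill(buf, mk(rsi), len);
    for (i = 0; i < len; i++)
        bad += (buf[i] != (unsigned char)rsi);
    return bad;
}

int main(void) {
    /* Constructed inputs: 0x41 with clean upper bytes, and 0x41 with a stale 0x01 above it. */
    const uint64_t regs[] = { 0x41, 0x0141 };
    for (size_t i = 0; i < 2; i++)
        printf("rsi=%#llx unmasked=%#llx masked=%#llx wrong(unmasked)=%zu wrong(masked)=%zu\n",
               (unsigned long long)regs[i],
               (unsigned long long)pattern_unmasked(regs[i]),
               (unsigned long long)pattern_masked(regs[i]),
               wrong_bytes(regs[i], pattern_unmasked, 19),
               wrong_bytes(regs[i], pattern_masked, 19));
    return 0;
}
```

In this model the byte tail is still correct with a dirty register, because the low byte of the product equals the low byte of the input; only the 8-byte stores pick up the stale upper bytes.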