From owner-svn-src-head@freebsd.org Fri Jun 8 00:47:25 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7DFE51009FEB; Fri, 8 Jun 2018 00:47:25 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 22D466903F; Fri, 8 Jun 2018 00:47:25 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F270627A7F; Fri, 8 Jun 2018 00:47:24 +0000 (UTC) (envelope-from mjg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w580lO3h077009; Fri, 8 Jun 2018 00:47:24 GMT (envelope-from mjg@FreeBSD.org) Received: (from mjg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w580lOIU077008; Fri, 8 Jun 2018 00:47:24 GMT (envelope-from mjg@FreeBSD.org) Message-Id: <201806080047.w580lOIU077008@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mjg set sender to mjg@FreeBSD.org using -f From: Mateusz Guzik Date: Fri, 8 Jun 2018 00:47:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r334820 - head/sys/amd64/amd64 X-SVN-Group: head X-SVN-Commit-Author: mjg X-SVN-Commit-Paths: head/sys/amd64/amd64 X-SVN-Commit-Revision: 334820 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jun 2018 00:47:25 -0000 Author: mjg Date: Fri Jun 8 00:47:24 2018 New Revision: 334820 URL: https://svnweb.freebsd.org/changeset/base/334820 Log: amd64: fix a retarded bug in memset memset fills the target buffer from a byte-sized value passed in as the second argument. The fully-sized (8 bytes) register containing it is named %rsi. Lower 4 bytes can be referred to as %esi and finally the lowest byte is %sil. Vast majority of all the callers just zero the target buffer and set it up by doing xor %esi,%esi which has a side-effect of zeroing the upper parts of the register as well. Some others do a word-sized move to %esi which has the same result. However, there are callers which only fill %sil. This does *not* clear up the rest of the register. The value of %rsi is multiplied by $0x0101010101010101 to create a 8-byte sized pattern for 8-byte stores. Prior to the patch, the func just blindly took %rsi assuming the unwanted bytes are zeroed out. Since this is not the case for the callers which only play with %sil (the rest of the register can have absolutely anything), the resulting pattern can be garbage. This has potential for funny bugs. One side effect (which was not amusing) after enabling it instead of bzero was that the kernel was hanging on boot as a xen domU. Reported by: Trond Endrestøl Pointy hat: me Modified: head/sys/amd64/amd64/support.S Modified: head/sys/amd64/amd64/support.S ============================================================================== --- head/sys/amd64/amd64/support.S Fri Jun 8 00:15:08 2018 (r334819) +++ head/sys/amd64/amd64/support.S Fri Jun 8 00:47:24 2018 (r334820) @@ -271,8 +271,9 @@ ENTRY(memset) PUSH_FRAME_POINTER movq %rdi,%r9 movq %rdx,%rcx + movzbq %sil,%r8 movabs $0x0101010101010101,%rax - imulq %rsi,%rax + imulq %r8,%rax shrq $3,%rcx rep stosq