author: Mateusz Guzik <mjg@FreeBSD.org> 2018-06-08 00:47:24 +0000
committer: Mateusz Guzik <mjg@FreeBSD.org> 2018-06-08 00:47:24 +0000
commit: c9ca1a70cce29057168692f5a3bdeedfee4faacc (patch)
tree: 60def6fbee8416757f5f461d6a41d77b1d05269a /sys/amd64/amd64/support.S
parent: c5deaf04527232761dc96f4b4e97cb9e81bdd3f4 (diff)
amd64: fix a retarded bug in memset

memset fills the target buffer from a byte-sized value passed in as the second argument. The fully-sized (8 bytes) register containing it is named %rsi. Lower 4 bytes can be referred to as %esi and finally the lowest byte is %sil.

Vast majority of all the callers just zero the target buffer and set it up by doing xor %esi,%esi which has a side-effect of zeroing the upper parts of the register as well. Some others do a word-sized move to %esi which has the same result.

However, there are callers which only fill %sil. This does *not* clear up the rest of the register.

The value of %rsi is multiplied by $0x0101010101010101 to create an 8-byte sized pattern for 8-byte stores. Prior to the patch, the func just blindly took %rsi assuming the unwanted bytes are zeroed out. Since this is not the case for the callers which only play with %sil (the rest of the register can have absolutely anything), the resulting pattern can be garbage.

This has potential for funny bugs. One side effect (which was not amusing) after enabling it instead of bzero was that the kernel was hanging on boot as a xen domU.

Reported by: Trond Endrestøl <Trond.Endrestol fagskolen.gjovik.no>
Pointy hat: me
Notes: svn path=/head/; revision=334820
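The effect the commit message describes, modelled in C as an added example (not part of the FreeBSD commit). The function names and the stale register value 0x12ab are constructed for illustration, and only the 8-byte store path visible in the hunk is modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILL_MUL 0x0101010101010101ULL

/* Pre-patch: imulq %rsi,%rax uses all 64 bits of the argument register. */
static uint64_t pattern_prepatch(uint64_t rsi)
{
	return rsi * FILL_MUL;
}

/* Post-patch: movzbq %sil,%r8 keeps only the low byte before the multiply. */
static uint64_t pattern_postpatch(uint64_t rsi)
{
	return (uint64_t)(uint8_t)rsi * FILL_MUL;
}

/*
 * Model the len >> 3 eight-byte stores (shrq $3,%rcx; rep stosq) and count
 * bytes in the result that differ from the requested fill byte.
 * len must be a multiple of 8 and at most 64 here.
 */
static size_t wrong_bytes(uint64_t rsi, int patched, size_t len)
{
	unsigned char buf[64];
	uint64_t pat = patched ? pattern_postpatch(rsi) : pattern_prepatch(rsi);
	size_t i, bad = 0;

	if (len > sizeof(buf) || (len & 7) != 0)
		return (size_t)-1;
	for (i = 0; i < len >> 3; i++)
		memcpy(buf + 8 * i, &pat, sizeof(pat));
	for (i = 0; i < len; i++)
		bad += buf[i] != (uint8_t)rsi;
	return bad;
}

int main(void)
{
	/* Constructed value: caller wrote 0xab to %sil, 0x12 was left above it. */
	uint64_t dirty = 0x12ab;

	printf("pre-patch  pattern %016llx, wrong bytes in 32: %zu\n",
	    (unsigned long long)pattern_prepatch(dirty), wrong_bytes(dirty, 0, 32));
	printf("post-patch pattern %016llx, wrong bytes in 32: %zu\n",
	    (unsigned long long)pattern_postpatch(dirty), wrong_bytes(dirty, 1, 32));
	return 0;
}
```

With a single stale byte above %sil, only one byte of every 8-byte store carries the requested value; a register whose upper bytes happen to be zero gives the same pattern before and after the patch, which is why the common callers never exposed the bug.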
Diffstat (limited to 'sys/amd64/amd64/support.S')
-rw-r--r-- sys/amd64/amd64/support.S 3
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/amd64/amd64/support.S b/sys/amd64/amd64/support.S
index 60f9e309a130..f6380121a6b5 100644
--- a/sys/amd64/amd64/support.S
+++ b/sys/amd64/amd64/support.S
@@ -271,8 +271,9 @@ ENTRY(memset)
PUSH_FRAME_POINTER
movq %rdi,%r9
movq %rdx,%rcx
+ movzbq %sil,%r8
movabs $0x0101010101010101,%rax
- imulq %rsi,%rax
+ imulq %r8,%rax
shrq $3,%rcx
rep
stosq
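Review bot: the added movzbq %sil,%r8 ahead of the imulq has no comment, so the reason the fill value must be zero-extended (callers may populate only %sil and leave the rest of %rsi undefined, as the commit message explains) is not recorded next to the instruction. A one-line comment there would keep a later cleanup from folding it back into imulq %rsi,%rax. The change also makes %r8 a second scratch register in memset alongside %r9; if the extra register is not wanted, zero-extending %sil back into %rsi in place would keep the original imulq operand.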