Re: 2.6.37-rc7: Regression: b43: crashes in hwrng_register()

From: Mario 'BitKoenig' Holbe
Date: Thu Jan 06 2011 - 09:43:20 EST

On Fri, Jan 07, 2011 at 12:35:41AM +1100, Herbert Xu wrote:
> On Thu, Jan 06, 2011 at 02:15:16PM +0100, Mario 'BitKoenig' Holbe wrote:
> > 1. Having ECX on the clobber-list is not really necessary.
> > XSTORE doesn't touch ECX at all.
> > REP XSTORE would touch it, but for this ECX would be an input anyways.
> The documentation wasn't clear whether ECX would be updated without
> the REP prefix so I included it to be on the safe side. Unfortunately
> my only VIA machine is on another continent at the moment so I can't
> test it myself. Can you verify that ECX isn't changed without the
> REP prefix?

session-log (including small test case) attached: ECX is not changed.

> > 2. Would you mind doing the same for EDX as you did for EDI?
> According to my documentation EDX isn't be modified (nor would it
> make sense as it would break REP XSTORE). Are you seeing anything
> different?
VIA PadLock Programming Guide, v1.66, 4th August 2005
2.1 XSTORE Instructions (page 9)
RNG Quality Factor: EDX
[...] Only the lower two bits of EDX are meaningful; the upper 30 bits
are ignored by the instruction and may be set to zero.
PadLock Quick Reference, v0.95, 25th July 2008
Register Usage: Output
EDX Bits 0:1 are unchanged, all higher order bits are zero.

See the attached session-log as well: those EDX bits are indeed zeroed.

Btw: I believe both documents are quite clear regarding ECX for XSTORE.

holbe@ideapad ~ % cat via-rng-test.c
#include <stdio.h>
#include <string.h>

static inline unsigned long xstore(unsigned long *addr, unsigned long edx)
unsigned long eax_out;
unsigned long ecx = 0xaa55aa55;
int ts_state;

printf("ecx: %08lx\tedx: %08lx\tedi: %p\n", ecx, edx, addr);

asm(".byte 0x0F,0xA7,0xC0 /* xstore %%edi (addr=%0) */"
: "=m" (*addr), "=a" (eax_out), "+D" (addr), "+d" (edx), "+c" (ecx));

printf("ecx: %08lx\tedx: %08lx\tedi: %p\n", ecx, edx, addr);

return eax_out;

int main(void) {
unsigned long addr[8];

memset(addr, 0, sizeof(addr));

printf("%p: %08lx\n", addr, *(unsigned long *)addr);
xstore(addr, 0xffffff03); /* 8 rand bits, 32 stored bits */
printf("%p: %08lx\n", addr, *(unsigned long *)addr);

return 0;
holbe@ideapad ~ % gcc -o via-rng-test via-rng-test.c
holbe@ideapad ~ % ./via-rng-test
0xbff09d40: 00000000
ecx: aa55aa55 edx: ffffff03 edi: 0xbff09d40
ecx: aa55aa55 edx: 00000003 edi: 0xbff09d48
0xbff09d40: 339d4525
holbe@ideapad ~ %

