Pentium memcpy patch reissued

Robert L Krawitz (rlk@tiac.net)
Tue, 2 Apr 1996 19:55:59 -0500


Gerhard Koerting <G.Koerting@koerting.techem.ruhr-uni-bochum.de>
reported memory corruption with my fast memcpy routine when it was
used in both the kernel and a user program. He has since tracked down
the cause and given me a patch. In addition to fixing the problem, he
also fixed the warnings about uninitialized variables. The
description of the problem and solution follows:

From: Gerhard Koerting <G.Koerting@koerting.techem.ruhr-uni-bochum.de>
To: rlk@tiac.net (Robert L Krawitz)

My problems with your memcpy seem to be related to the way Linux saves
the 387 state during task switches: it does the fsave on the exception
coming from a 387 instruction with TS and MP set in cr0-register.
This will happen sometimes at the first fp-instruction of your memcpy.

If I clear TS before memcpy and restore it afterwards I don't get those
changed bytes anymore. Calling math_state_restore() before memcpy corrects
it too.

I include a patch for your memcpy which clears/resets TS in this way
(and optimizes the constraints, but with fewest changes to your original
code).

The patch may be found on my Linux page
(http://www.tiac.net/users/rlk/linux.html). The patch is against
1.3.82, but it will probably work without too much difficulty against
other 1.3.[78]x kernels. I strongly suggest that everyone take the
patch. At worst, just patch copy.c.

Thanks, Gerhard!

-- 
Robert Krawitz <rlk@tiac.net>		http://www.tiac.net/users/rlk/

Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Tall Clubs International -- tci-request@aptinc.com or 1-800-521-2512
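
Added example, not part of the original message or of the patch: a user-space C model of the behaviour described in Gerhard's note, showing the trap and fsave triggered by the first FP instruction of the copy when TS is set, and how clearing and restoring TS around the copy avoids them. The task structure, the counters and `run_copy` are hypothetical, and `math_state_restore` here is a simplified stand-in for the kernel function of that name.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of lazy 387 switching (an assumption; not kernel code). */
struct task { int used_math; int fsaves; };  /* fsaves: saves into this task's area */
static struct task *current_task, *last_task_used_math;
static int cr0_ts, nm_traps;  /* modelled TS bit in cr0; traps taken on 387 insns */

/* Trap path, a simplified stand-in for math_state_restore(). */
static void math_state_restore(void) {
    cr0_ts = 0;                                              /* clts */
    if (last_task_used_math == current_task) return;
    if (last_task_used_math) last_task_used_math->fsaves++;  /* fsave old owner */
    last_task_used_math = current_task;
    current_task->used_math = 1;                             /* frstor or fninit */
}

/* Each modelled 387 instruction traps first if TS is set. */
static void fp_insn(void) { if (cr0_ts) { nm_traps++; math_state_restore(); } }

/* Stand-in for the FP-based copy: one modelled 387 instruction per 8 bytes. */
static void fp_memcpy(void *dst, const void *src, size_t n) {
    for (size_t i = 0; i < n; i += 8) fp_insn();
    memcpy(dst, src, n);
}

/* Workaround from the message: clear TS before the copy, restore it after. */
static void guarded_fp_memcpy(void *dst, const void *src, size_t n) {
    int saved_ts = cr0_ts;
    cr0_ts = 0;
    fp_memcpy(dst, src, n);
    cr0_ts = saved_ts;
}

/* Constructed scenario: A owns the 387, B is running with TS set and copies. */
static int run_copy(int guarded, struct task *a, struct task *b) {
    char src[64] = "constructed sample buffer", dst[64];
    a->used_math = 1; a->fsaves = 0; b->used_math = 0; b->fsaves = 0;
    last_task_used_math = a; current_task = b; cr0_ts = 1; nm_traps = 0;
    (guarded ? guarded_fp_memcpy : fp_memcpy)(dst, src, sizeof src);
    return nm_traps;  /* traps taken during the copy */
}

int main(void) {
    struct task a, b;
    int plain = run_copy(0, &a, &b), guarded = run_copy(1, &a, &b);
    printf("traps: plain=%d guarded=%d, TS after guarded copy=%d\n", plain, guarded, cr0_ts);
}
```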