From 2ba865b3f57340fd1d75f7614c17f615cc127b89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B8ren=20Sandmann=20Pedersen?= <sandmann@daimi.au.dk>
Date: Fri, 23 Sep 2005 23:04:04 +0000
Subject: [PATCH] =?UTF-8?q?Fri=20Sep=2023=2019:00:06=202005=20S=C3=B8ren?=
 =?UTF-8?q?=20Sandmann=20<sandmann@redhat.com>=20Apply=20patch=20from=20Ro?=
 =?UTF-8?q?nald=20Wahl=20to=20make=20sure=20that=20the=20stack=20pointer?=
 =?UTF-8?q?=20is=20not=20=20=20=20=20modified=20at=20points=20where=20we?=
 =?UTF-8?q?=20access=20external=20variables.=20(Bug=204269).?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 fb/fbmmx.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/fb/fbmmx.c b/fb/fbmmx.c
index 15cb5d508..a1cad900a 100644
--- a/fb/fbmmx.c
+++ b/fb/fbmmx.c
@@ -2304,28 +2304,37 @@ static unsigned int detectCPUFeatures(void) {
     vendor[0] = 0;
     vendor[12] = 0;
     /* see p. 118 of amd64 instruction set manual Vol3 */
-    __asm__ ("push %%ebx\n"
-             "pushf\n"
+    /* We need to be careful about the handling of %ebx and
+     * %esp here. We can't declare either one as clobbered
+     * since they are special registers (%ebx is the "PIC
+     * register" holding an offset to global data, %esp the
+     * stack pointer), so we need to make sure they have their+      * original values when we access the output operands.
+     */
+    __asm__ ("pushf\n"
              "pop %%eax\n"
-             "mov %%eax, %%ebx\n"
+             "mov %%eax, %%ecx\n"
              "xor $0x00200000, %%eax\n"
              "push %%eax\n"
              "popf\n"
              "pushf\n"
              "pop %%eax\n"
              "mov $0x0, %%edx\n"
-             "xor %%ebx, %%eax\n"
+             "xor %%ecx, %%eax\n"
              "jz 1\n"
 
              "mov $0x00000000, %%eax\n"
+	     "push %%ebx\n"
              "cpuid\n"
-             "mov %%ebx, %1\n"
+             "mov %%ebx, %%eax\n"
+	     "pop %%ebx\n"
+	     "mov %%eax, %1\n"
              "mov %%edx, %2\n"
              "mov %%ecx, %3\n"
              "mov $0x00000001, %%eax\n"
+	     "push %%ebx\n"
              "cpuid\n"
+	     "pop %%ebx\n"
              "1:\n"
-             "pop %%ebx\n"
              "mov %%edx, %0\n"
              : "=r" (result), 
                "=m" (vendor[0]), 
@@ -2359,8 +2368,8 @@ static unsigned int detectCPUFeatures(void) {
                     "mov $0x80000001, %%eax\n"
                     "cpuid\n"
                     "2:\n"
-                    "mov %%edx, %0\n"
                     "pop %%ebx\n"
+                    "mov %%edx, %0\n"
                     : "=r" (result)
                     :
                     : "%eax", "%ecx", "%edx"