On Sat, May 11, 2019 at 12:30 PM Florian Weimer <fw@xxxxxxxxxxxxx> wrote:
> Can you capture register contents at the point of the crash?
>
> Does this reproduce in a chroot? Maybe you can trace the whole thing
> with a debugger. Does the crash reproduce if you single-step through
> the whole function?

Florian,

I figured out the problem, I just haven't written code to fix it.

The documentation I can find is silent about what is returned in %ecx
and %ebx when calling cpuid function 0x00000001 on IDT Winchip-C6 and
Winchip2. I think %ecx should properly contain 0x00000000, but it
instead puts the 'auls' characters from cpuid function 0x00000000
(vendor string 'CentaurHauls') in %ecx:

%ebx = 0x746e6543 = "Cent"
%edx = 0x48727561 = "aurH"
%ecx = 0x736c7561 = "auls"

This sets bit 30 (0x736c7561) 'on', the 'supports rdrand' bit.

So we have to code around the vendor and chip model in this case.

Jeffrey Walton gave some coding examples I might consider
(https://github.com/weidai11/cryptopp/blob/master/cpu.cpp#L380).

- Matthew
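
One way to code around the vendor and chip model described in the message above, as an added example (not code from this thread or from Crypto++). The struct and function names are hypothetical, and the family 5 test for WinChip parts is an assumption; the stale-ECX test uses only the register values quoted in the message.

```c
#include <stdint.h>

#define CPUID1_ECX_RDRAND (1u << 30)   /* leaf 1, ECX bit 30 */

/* Register values returned by one CPUID leaf (hypothetical helper type). */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Leaf 0 returns "CentaurHauls" as EBX="Cent", EDX="aurH", ECX="auls". */
static int is_centaur(const struct cpuid_regs *leaf0)
{
    return leaf0->ebx == 0x746e6543u &&
           leaf0->edx == 0x48727561u &&
           leaf0->ecx == 0x736c7561u;
}

/* Return leaf-1 ECX, or 0 when the chip cannot be trusted to have set it. */
static uint32_t sanitized_leaf1_ecx(const struct cpuid_regs *leaf0,
                                    const struct cpuid_regs *leaf1)
{
    uint32_t family = (leaf1->eax >> 8) & 0xfu;

    if (is_centaur(leaf0)) {
        /* Assumption: WinChip C6 / WinChip 2 report family 5. */
        if (family == 5)
            return 0;
        /* ECX still holds "auls" from leaf 0, so leaf 1 never wrote it. */
        if (leaf1->ecx == leaf0->ecx)
            return 0;
    }
    return leaf1->ecx;
}

/* Nonzero only if the RDRAND bit comes from a trustworthy leaf-1 ECX. */
int has_rdrand(const struct cpuid_regs *leaf0, const struct cpuid_regs *leaf1)
{
    return (sanitized_leaf1_ecx(leaf0, leaf1) & CPUID1_ECX_RDRAND) != 0;
}
```

The caller fills both structs from real `cpuid` calls; keeping the decision separate from the instruction lets the check be tested on any host.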