From 8f1f7d8414cf3fb0f35f52c406fb580f59e2d101 Mon Sep 17 00:00:00 2001
From: nonaka
Date: Fri, 24 Feb 2017 12:24:25 +0000
Subject: [PATCH] efiboot: Don't access old stack after copying a kernel.

It's possible that the old stack is overwritten by the kernel.
---
 .../i386/stand/efiboot/bootia32/startprog32.S | 35 ++++++++++---------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/sys/arch/i386/stand/efiboot/bootia32/startprog32.S b/sys/arch/i386/stand/efiboot/bootia32/startprog32.S
index 3538a0f52330..99f7632c5673 100644
--- a/sys/arch/i386/stand/efiboot/bootia32/startprog32.S
+++ b/sys/arch/i386/stand/efiboot/bootia32/startprog32.S
@@ -1,4 +1,4 @@
-/* $NetBSD: startprog32.S,v 1.1 2017/02/21 10:53:37 nonaka Exp $ */
+/* $NetBSD: startprog32.S,v 1.2 2017/02/24 12:24:25 nonaka Exp $ */
 /* NetBSD: startprog.S,v 1.4 2016/12/04 08:21:08 maxv Exp */
 
 /*
@@ -91,6 +91,9 @@ start:
 
 	cli
 
+	movl 8(%ebp), %ebx /* %ebx: entry address */
+	movl 36(%ebp), %edx /* %edx: loaded start address */
+
 	/* Prepare a new stack */
 	movl 20(%ebp), %eax /* stack */
 	subl $4, %eax
@@ -108,12 +111,12 @@ start:
 	rep movsl /* copy %ds:(%esi) -> %es:(%edi) */
 	cld
 
-	mov %edi, %edx /* %edx: new stack pointer */
+	mov %edi, %esp /* set new stack pointer */
 
 	/* Copy kernel */
-	movl 24(%esp), %edi /* dest */
-	movl 28(%esp), %esi /* src */
-	movl 32(%esp), %ecx /* size */
+	movl 24(%ebp), %edi /* dest */
+	movl 28(%ebp), %esi /* src */
+	movl 32(%ebp), %ecx /* size */
 #if defined(NO_OVERLAP)
 	movl %ecx, %eax
 #else
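Review bot: The values the hunk loads into %ebx and %edx at `start:` have to survive both the stack copy and the kernel copy that run between here and `.Lcopy_done`, and nothing in the hunk records that constraint; those copy loops are outside the hunk, so all I can say from the visible lines is that `rep movsl` uses %ecx/%esi/%edi and that the NO_OVERLAP and overlap paths must not touch %ebx or %edx for the later relocations to be correct. A register-role comment at the top of `start:` would pin this down, e.g. `/* %ebx = entry address, %edx = loaded start address: both live until the final ljmp; the copy loops below must not clobber them */`. The two added loads still read the caller's frame through %ebp, which is fine here precisely because the kernel has not been copied yet, and that is the invariant the commit is protecting.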
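Review bot: From `mov %edi, %esp` onward %esp addresses the copied stack while the three `movl N(%ebp)` loads that follow still read the caller's frame, which is only correct because the kernel copy has not started; a comment such as `/* %ebp still addresses the old frame: valid only until the kernel copy below */` would make that window explicit. The hunk also does not check that the new stack prepared from 20(%ebp) lies outside the destination range given by 24(%ebp) and 32(%ebp); if a caller can violate that, the copied stack is clobbered exactly as the old one was, so that guarantee (presumably the caller's) deserves a line in the function header. As a point of style, `mov %edi, %esp` is the only unsuffixed mov in the hunk while the surrounding lines use `movl`; `movl %edi, %esp` keeps the file consistent. The copy loop selected by NO_OVERLAP continues past the end of the hunk.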
@@ -179,20 +182,17 @@ start:
 .Lcopy_done:
 	cld /* LynxOS depends on it */
 
-	movl 8(%ebp), %esi /* %esi: entry address */
-	movl 36(%ebp), %edi /* %edi: loaded start address */
-
 	/* Prepare jump address */
-	lea (start32a - start)(%edi), %eax
-	movl %eax, (start32r - start)(%edi)
+	lea (start32a - start)(%edx), %eax
+	movl %eax, (start32r - start)(%edx)
 
 	/* Setup GDT */
-	lea (gdt - start)(%edi), %eax
-	movl %eax, (gdtrr - start)(%edi)
-	lgdt (gdtr - start)(%edi)
+	lea (gdt - start)(%edx), %eax
+	movl %eax, (gdtrr - start)(%edx)
+	lgdt (gdtr - start)(%edx)
 
 	/* Jump to set %cs */
-	ljmp *(start32r - start)(%edi)
+	ljmp *(start32r - start)(%edx)
 
 	.align 4
 start32a:
@@ -203,7 +203,8 @@ start32a:
 	movw %ax, %gs
 	movw %ax, %ss
 
-	movl %edx, %esp
+	/* Already set new stack pointer */
+	movl %esp, %ebp
 
 	/* Disable Paging in CR0 */
 	movl %cr0, %eax
@@ -220,8 +221,8 @@ start32a:
 	.align 4
 start32b:
 	xor %eax, %eax
-	movl %esi, (start32r - start)(%edi)
-	ljmp *(start32r - start)(%edi)
+	movl %ebx, (start32r - start)(%edx)
+	ljmp *(start32r - start)(%edx)
 
 	.align 16
 start32r:
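Review bot: The `(sym - start)(%edx)` relocations in this hunk now depend on %edx still holding the loaded start address set at `start:` roughly ninety lines earlier, and nothing at `.Lcopy_done:` reminds the reader of that or of why %edx, normally a scratch register, must have survived the copy loop that ends here. A comment at the label such as `/* %edx = loaded start address (set at start:); every relocation below is relative to it */` would carry that invariant to where it is consumed. A small assembler macro expanding to `(sym - start)(%edx)` would additionally make the dependency visible at each use instead of repeating the expression across this hunk and the `start32b:` hunk. The copy loop that precedes `.Lcopy_done:` lies outside the hunk.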
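Review bot: In the `start32a:` hunk the comment `/* Already set new stack pointer */` explains the line that was removed rather than the one that was added; after `movl %esp, %ebp` the frame pointer no longer addresses the caller's frame, so any later `N(%ebp)` access would silently read the new stack instead of the original arguments, which is the class of mistake the commit is removing. Suggest `/* %esp already points at the new stack; %ebp now does too -- the caller's frame must not be accessed from here on */`. The protected-mode setup around this line continues outside the hunk on both sides.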