Kaynağa Gözat

[romprefix] Further sanity checks for the PCI 3 runtime segment address

This extends the sanity checks on the runtime segment address provided
in %bx, first implemented in commit 5600955.

We now allow the ROM to be placed anywhere above a000:0000 (rather
than c000:0000, as before), since this is the region allowed by the
PCI 3 spec.  If the BIOS asks us to place the runtime image such that
it would overlap with the init-time image (which is explicitly
prohibited by the PCI 3 spec), then we assume that the BIOS is faulty
and ignore the provided runtime segment address.

Testing on a SuperMicro BIOS providing overlapping segment addresses
shows that ignoring the provided runtime segment address is safe to do
in these circumstances.
tags/v0.9.6
Michael Brown 16 yıl önce
ebeveyn
işleme
621101c36a
1 değiştirilmiş dosya ile 22 ekleme ve 9 silme
  1. 22
    9
      src/arch/i386/prefix/romprefix.S

+ 22
- 9
src/arch/i386/prefix/romprefix.S Dosyayı Görüntüle

@@ -190,11 +190,11 @@ init:
190 190
 	stc
191 191
 	movw	$0xb101, %ax
192 192
 	int	$0x1a
193
-	jc	1f
193
+	jc	no_pci3
194 194
 	cmpl	$PCI_SIGNATURE, %edx
195
-	jne	1f
195
+	jne	no_pci3
196 196
 	testb	%ah, %ah
197
-	jnz	1f
197
+	jnz	no_pci3
198 198
 	movw	$init_message_pci, %si
199 199
 	xorw	%di, %di
200 200
 	call	print_message
@@ -205,20 +205,33 @@ init:
205 205
 	movb	%bl, %al
206 206
 	call	print_hex_byte
207 207
 	cmpb	$3, %bh
208
-	jb	1f
208
+	jb	no_pci3
209 209
 	/* PCI >=3.0: leave %gs as-is if sane */
210 210
 	movw	%gs, %ax
211
-	cmpw	$0xc000, %ax
212
-	jae	2f
213
-	/* PCI 3.0 with insane %gs value: print error and ignore %gs */
211
+	cmpw	$0xa000, %ax	/* Insane if %gs < 0xa000 */
212
+	jb	pci3_insane
213
+	movw	%cs, %bx	/* Sane if %cs == %gs */
214
+	cmpw	%bx, %ax
215
+	je	1f
216
+	movzbw	romheader_size, %cx /* Sane if %cs+len <= %gs */
217
+	shlw	$5, %cx
218
+	addw	%cx, %bx
219
+	cmpw	%bx, %ax
220
+	jae	1f
221
+	movw	%cs, %bx	/* Sane if %gs+len <= %cs */
222
+	addw	%cx, %ax
223
+	cmpw	%bx, %ax
224
+	jbe	1f
225
+pci3_insane: /* PCI 3.0 with insane %gs value: print error and ignore %gs */
214 226
 	movb	$'!', %al
215 227
 	call	print_character
216 228
 	movw	%gs, %ax
217 229
 	call	print_hex_word
218
-1:	/* PCI <3.0: set %gs (runtime segment) = %cs (init-time segment) */
230
+no_pci3:
231
+	/* PCI <3.0: set %gs (runtime segment) = %cs (init-time segment) */
219 232
 	pushw	%cs
220 233
 	popw	%gs
221
-2:	popl	%edi
234
+1:	popl	%edi
222 235
 	popl	%edx
223 236
 	popl	%ebx
224 237
 

Loading…
İptal
Kaydet