[gPXE-devel] [PATCH] [romprefix] Consider PCI3 init-time segment in BIOS area insane
Joshua Oreman
oremanj at mit.edu
Thu May 27 02:55:36 EDT 2010
[I'm not sure if the generalization here is correct, and I don't have
access to the PCI3 specification. Could someone with more PCI
knowledge comment? --Josh]

At least one BIOS invokes the gPXE ROM with %cs = 0xCE00 (a perfectly
valid runtime segment) and %gs = 0xE000 (a very dangerous runtime
segment). The proper action in response to this bug is to not relocate
to %gs, just as we would if %gs were outside the BIOS area or the
runtime and init-time segments overlapped. The init-time segment should
always be in conventional memory for a compliant PCI3 system.

Signed-off-by: Joshua Oreman <oremanj at rwcr.net>
---
src/arch/i386/prefix/romprefix.S | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S
index 02e5497..7d68102 100644
--- a/src/arch/i386/prefix/romprefix.S
+++ b/src/arch/i386/prefix/romprefix.S
@@ -248,6 +248,8 @@ init:
movw %cs, %bx /* Sane if %cs == %gs */
cmpw %bx, %ax
je 1f
+ cmpw $0xa000, %bx /* Insane if %cs >= 0xa000 */
+ jae pci3_insane
movzbw romheader_size, %cx /* Sane if %cs+len <= %gs */
shlw $5, %cx
addw %cx, %bx
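Review bot: The added `cmpw $0xa000, %bx` appears to test the wrong register. At that point %bx has just been loaded from %cs (`movw %cs, %bx`), and the commit message describes %cs = 0xCE00 as a perfectly valid runtime segment, so as written the check sends any ROM whose %cs is at or above 0xa000 and differs from %gs to pci3_insane, including the case the message calls valid. The value the message calls dangerous is %gs = 0xE000, which the preceding `cmpw %bx, %ax` with its "Sane if %cs == %gs" comment implies is held in %ax. Suggest comparing %ax against $0xa000 instead and changing the comment to "Insane if %gs >= 0xa000", so that the code, the comment and the subject line all describe the same test. The 0xa000 boundary itself still needs confirming against the PCI3 specification, as the note at the top of the message asks.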
--
1.6.0.2