Module Name: src
Committed By: andvar
Date: Sat Aug 17 08:38:31 UTC 2024

Modified Files:
	src/sys/arch/i386/stand/lib: biosmemx.S bootinfo_memmap.c getextmemx.c

Log Message:
Allocate buf[6] instead of buf[5] to work around buggy firmware, which may write mementry to 24 bytes instead of 20 requested with ACPI 3.0 enabled, causing corrupted stack and wrong marks[] values in common_load_kernel(). This in turn was leading to erroneous calculations and memory addresses. This eventually may result in null pointer dereference in the kernel and sudden reboot for VIA based systems.

Commit should fix boot issues for VIA C7-M based HP 2133 Mini-Note, mentioned in the original bug report. For AMD based HP Compaq 6005 Pro discussed in a separate thread, the issue may be different. Tested on my VIA C7-D based Biostar Viotech 3100+ motherboard.

needs-pullups to 9, 10.

PR install/49470

To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/i386/stand/lib/biosmemx.S
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/i386/stand/lib/bootinfo_memmap.c
cvs rdiff -u -r1.10 -r1.11 src/sys/arch/i386/stand/lib/getextmemx.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/i386/stand/lib/biosmemx.S diff -u src/sys/arch/i386/stand/lib/biosmemx.S:1.11 src/sys/arch/i386/stand/lib/biosmemx.S:1.12 --- src/sys/arch/i386/stand/lib/biosmemx.S:1.11 Mon Aug 2 12:56:23 2021 +++ src/sys/arch/i386/stand/lib/biosmemx.S Sat Aug 17 08:38:31 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: biosmemx.S,v 1.11 2021/08/02 12:56:23 andvar Exp $ */ +/* $NetBSD: biosmemx.S,v 1.12 2024/08/17 08:38:31 andvar Exp $ */ /* * Copyright (c) 1997, 1999 @@ -84,12 +84,25 @@ ENTRY(getextmem2) ret /* - * int getmementry(int *iterator, int buffer[5]) + * int getmementry(int *iterator, int buffer[6]) * * return: 0=ok, else error * buffer[0]: start of memory chunk * buffer[2]: length (bytes) * buffer[4]: type + * buffer[5]: ACPI 3.0 Extended Attributes bitfield (unused) + * Some buggy BIOSes may write to 24 bytes even if only 20 were requested. + * Therefore, the buffer is defined for 6 elements to avoid stack buffer + * overruns. See PR install/49470. + * + * More details can be found in the + * Advanced Configuration and Power Interface (ACPI) Specification, Release 6.5, + * 2022-08-29, UEFI Forum, Inc., + * Sec. 15.1 `INT 15H E820H - Query System Address Map', pp. 756-757 + * https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf#page=824 + * https://uefi.org/specs/ACPI/6.5/15_System_Address_Map_Interfaces.html#int-15h-e820h-query-system-address-map + * as well as OSDev.org wiki page + * https://wiki.osdev.org/Detecting_Memory_(x86)#BIOS_Function:_INT_0x15,_EAX_=_0xE820. */ ENTRY(getmementry) pushl %ebp Index: src/sys/arch/i386/stand/lib/bootinfo_memmap.c diff -u src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.6 src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.7 --- src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.6 Fri Sep 13 02:19:46 2019 +++ src/sys/arch/i386/stand/lib/bootinfo_memmap.c Sat Aug 17 08:38:31 2024 
@@ -1,4 +1,4 @@ -/* $NetBSD: bootinfo_memmap.c,v 1.6 2019/09/13 02:19:46 manu Exp $ */ +/* $NetBSD: bootinfo_memmap.c,v 1.7 2024/08/17 08:38:31 andvar Exp $ */ /* * Copyright (c) 1999 @@ -37,7 +37,11 @@ extern int getmementry(int *, int *); void bi_getmemmap(void) { - int buf[5], i, nranges, n; + /* + * Allocate 6 words, not 5, to work around buggy firmware -- see comment + * on getmementry in biosmemx.S. + */ + int buf[6], i, nranges, n; nranges = 0; i = 0; Index: src/sys/arch/i386/stand/lib/getextmemx.c diff -u src/sys/arch/i386/stand/lib/getextmemx.c:1.10 src/sys/arch/i386/stand/lib/getextmemx.c:1.11 --- src/sys/arch/i386/stand/lib/getextmemx.c:1.10 Thu Jun 16 13:27:59 2011 +++ src/sys/arch/i386/stand/lib/getextmemx.c Sat Aug 17 08:38:31 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: getextmemx.c,v 1.10 2011/06/16 13:27:59 joerg Exp $ */ +/* $NetBSD: getextmemx.c,v 1.11 2024/08/17 08:38:31 andvar Exp $ */ /* * Copyright (c) 1997, 1999 @@ -38,7 +38,11 @@ int getextmemx(void) { - int buf[5], i; + /* + * Allocate 6 words, not 5, to work around buggy firmware -- see comment + * on getmementry in biosmemx.S. + */ + int buf[6], i; int extmem = getextmem1(); #ifdef SUPPORT_PS2 struct {
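
Review bot: in the biosmemx.S comment above ENTRY(getmementry), the new text says a BIOS may write 24 bytes "even if only 20 were requested" but never says that the routine itself keeps requesting 20. This hunk touches only the comment, so one more line stating that the request size stays at 20 and buffer[5] is padding only would stop a later reader from raising the request to 24 on the assumption that the sixth word is meant to be filled. The comment also covers only the 24-byte case; firmware that writes more than 24 bytes would still overrun the caller's stack, which is worth recording as a known limit. Minor: the citation gives pp. 756-757 while the PDF link uses #page=824, so say which of the two is the printed page number.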
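
Review bot: in bi_getmemmap() in bootinfo_memmap.c, the value that now protects the stack is a bare literal 6, while the prototype visible just above the function, extern int getmementry(int *, int *);, tells neither the compiler nor the next caller how large the buffer has to be. Consider a named constant in a shared header (the name is up to you, for example a GETMEMENTRY_WORDS define) used both in the declaration of buf and in the prototype's parameter, so a new caller cannot quietly go back to five words.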
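
Review bot: in getextmemx() in getextmemx.c, the four-line comment and the buf[6] declaration are a verbatim copy of the ones added to bi_getmemmap(), so the workaround is now documented in three places that can drift apart. Keeping the explanation once, next to getmementry in biosmemx.S, and reducing each call site to a short pointer to it (or to a single shared buffer-size definition) would leave one place to update if the padding ever has to grow.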