Module Name: src
Committed By: nonaka
Date: Fri Feb 24 12:24:25 UTC 2017
Modified Files:
src/sys/arch/i386/stand/efiboot/bootia32: startprog32.S
Log Message:
efiboot: Don't access old stack after copying a kernel.
It's possible that the old stack is overwritten by the kernel.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 \
src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S
diff -u src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S:1.1 src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S:1.2
--- src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S:1.1 Tue Feb 21 10:53:37 2017
+++ src/sys/arch/i386/stand/efiboot/bootia32/startprog32.S Fri Feb 24 12:24:25 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: startprog32.S,v 1.1 2017/02/21 10:53:37 nonaka Exp $ */
+/* $NetBSD: startprog32.S,v 1.2 2017/02/24 12:24:25 nonaka Exp $ */
/* NetBSD: startprog.S,v 1.4 2016/12/04 08:21:08 maxv Exp */
/*
@@ -91,6 +91,9 @@ start:
cli
+ movl 8(%ebp), %ebx /* %ebx: entry address */
+ movl 36(%ebp), %edx /* %edx: loaded start address */
+
/* Prepare a new stack */
movl 20(%ebp), %eax /* stack */
subl $4, %eax
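Review bot: The `movl 8(%ebp), %ebx` and `movl 36(%ebp), %edx` loads at the top of the hunk are now live across the stack copy that follows and across the whole kernel copy up to start32b, but nothing near them records that invariant, so a later edit to either copy loop could silently clobber the entry or load address. Add a register-role comment next to the loads, e.g. `/* %ebx/%edx must survive until start32b; the copies below may only use %eax, %ecx, %esi, %edi */` — the visible `rep movsl` sequence uses only those four, but the copy loops themselves lie outside the hunk and this should be confirmed. The same dependency is consumed at .Lcopy_done and start32b in the later hunks, so one comment here covers all of them. The start routine begins before this hunk.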
@@ -108,12 +111,12 @@ start:
rep
movsl /* copy %ds:(%esi) -> %es:(%edi) */
cld
- mov %edi, %edx /* %edx: new stack pointer */
+ mov %edi, %esp /* set new stack pointer */
/* Copy kernel */
- movl 24(%esp), %edi /* dest */
- movl 28(%esp), %esi /* src */
- movl 32(%esp), %ecx /* size */
+ movl 24(%ebp), %edi /* dest */
+ movl 28(%ebp), %esi /* src */
+ movl 32(%ebp), %ecx /* size */
#if defined(NO_OVERLAP)
movl %ecx, %eax
#else
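Review bot: `mov %edi, %esp` switches to the new stack before the three `movl 24/28/32(%ebp)` loads, which still dereference the old stack through %ebp; that is safe only because the kernel has not been copied yet, which is the same hazard the commit fixes later in the file, and it silently breaks if the copy is ever reordered. Either hoist these three loads above the stack switch alongside the %ebx/%edx loads, or mark the window: `/* %ebp still addresses the old stack: valid only until the kernel copy below starts */`. Note also that %esp now points into the new stack while %ss is reloaded only in start32a, so no push or call may occur in between. The body of start continues outside the hunk.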
@@ -179,20 +182,17 @@ start:
.Lcopy_done:
cld /* LynxOS depends on it */
- movl 8(%ebp), %esi /* %esi: entry address */
- movl 36(%ebp), %edi /* %edi: loaded start address */
-
/* Prepare jump address */
- lea (start32a - start)(%edi), %eax
- movl %eax, (start32r - start)(%edi)
+ lea (start32a - start)(%edx), %eax
+ movl %eax, (start32r - start)(%edx)
/* Setup GDT */
- lea (gdt - start)(%edi), %eax
- movl %eax, (gdtrr - start)(%edi)
- lgdt (gdtr - start)(%edi)
+ lea (gdt - start)(%edx), %eax
+ movl %eax, (gdtrr - start)(%edx)
+ lgdt (gdtr - start)(%edx)
/* Jump to set %cs */
- ljmp *(start32r - start)(%edi)
+ ljmp *(start32r - start)(%edx)
.align 4
start32a:
@@ -203,7 +203,8 @@ start32a:
movw %ax, %gs
movw %ax, %ss
- movl %edx, %esp
+ /* Already set new stack pointer */
+ movl %esp, %ebp
/* Disable Paging in CR0 */
movl %cr0, %eax
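Review bot: The comment `/* Already set new stack pointer */` records what was dropped but not where the switch happened or what `movl %esp, %ebp` now implies: from this line on %ebp addresses the new stack, so any remaining N(%ebp) argument access would read unrelated memory. Suggest replacing it with `/* %esp was pointed at the new stack before the kernel copy; with %ss reloaded above the switch is complete, and %ebp no longer reaches the original argument frame */`. start32a continues outside the hunk, so whether any such access remains cannot be confirmed from here.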
@@ -220,8 +221,8 @@ start32a:
.align 4
start32b:
xor %eax, %eax
- movl %esi, (start32r - start)(%edi)
- ljmp *(start32r - start)(%edi)
+ movl %ebx, (start32r - start)(%edx)
+ ljmp *(start32r - start)(%edx)
.align 16
start32r: