# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1182181685 -3600
# Node ID b1eb43f94a3aa913f01ea7456f728ba3ea0ce21a
# Parent 58b6223074afe9911b2bfb1f0adbf5e88638dfb7
x86/64: Avoid bogus mbi pointer into relocated Xen address space.
Prevent similar bugs in future by poisoning the relocated bottom
megabyte.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
xen/arch/x86/boot/x86_32.S | 4 +---
xen/arch/x86/boot/x86_64.S | 2 --
xen/arch/x86/setup.c | 6 +++++-
3 files changed, 6 insertions(+), 6 deletions(-)
diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/boot/x86_32.S
--- a/xen/arch/x86/boot/x86_32.S Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/boot/x86_32.S Mon Jun 18 16:48:05 2007 +0100
@@ -30,9 +30,7 @@ 1: mov %eax,(%edi)
loop 1b
/* Pass off the Multiboot info structure to C land. */
- mov multiboot_ptr,%eax
- add $__PAGE_OFFSET,%eax
- push %eax
+ pushl multiboot_ptr
call __start_xen
ud2 /* Force a panic (invalid opcode). */
diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/boot/x86_64.S
--- a/xen/arch/x86/boot/x86_64.S Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/boot/x86_64.S Mon Jun 18 16:48:05 2007 +0100
@@ -51,8 +51,6 @@ 1: movq %rax,(%rdi)
/* Pass off the Multiboot info structure to C land. */
mov multiboot_ptr(%rip),%edi
- lea start-0x100000(%rip),%rax
- add %rax,%rdi
call __start_xen
ud2 /* Force a panic (invalid opcode). */
diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/setup.c Mon Jun 18 16:48:05 2007 +0100
@@ -402,7 +402,7 @@ void init_done(void)
startup_cpu_idle_loop();
}
-void __init __start_xen(multiboot_info_t *mbi)
+void __init __start_xen(unsigned long mbi_p)
{
char *memmap_type = NULL;
char __cmdline[] = "", *cmdline = __cmdline;
@@ -410,6 +410,7 @@ void __init __start_xen(multiboot_info_t
unsigned int initrdidx = 1;
char *_policy_start = NULL;
unsigned long _policy_len = 0;
+ multiboot_info_t *mbi = __va(mbi_p);
module_t *mod = (module_t *)__va(mbi->mods_addr);
unsigned long nr_pages, modules_length;
int i, e820_warn = 0, bytes = 0;
@@ -678,6 +679,9 @@ void __init __start_xen(multiboot_info_t
barrier();
move_memory(e, 0, __pa(&_end) - xen_phys_start);
+ /* Poison low 1MB to detect stray pointers to physical 0-1MB. */
+ memset(maddr_to_bootstrap_virt(e), 0x55, 1U<<20);
+
/* Walk initial pagetables, relocating page directory entries. */
pl4e = __va(__pa(idle_pg_table));
for ( i = 0 ; i < L4_PAGETABLE_ENTRIES; i++, pl4e++ )
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home
xen.org, 