[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] x86/boot: Fix BIOS memory corruption on certain IBM systems

To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Tue, 3 Dec 2013 20:34:19 +0000
Cc: George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Tue, 03 Dec 2013 20:35:08 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

IBM System x3530 M4 BIOSes (including the latest available at the time of this
patch) will corrupt a byte at physical address 0x105ff1 to the value of 0x86
if %esp has the value 0x00080000 when issuing an `int $0x15 (ax=0xec00)` to
inform the system about our intended operating mode.

Xen gets unhappy when the bootloader has placed it's .text section in over
this specific region of RAM.

After dropping into 16bit mode, initialise as much state as we possibly can to
sane values. This includes 0 for all the GPRs and %cs for %fs and %gs which
would otherwise be unreal segment selectors.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Keir Fraser <keir@xxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

---

George:
 * This fixes a memory corruption issue, so counts towards both #1 and #2 as
   far as a freeze exception goes.
---
 xen/arch/x86/boot/trampoline.S |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/boot/trampoline.S b/xen/arch/x86/boot/trampoline.S
index 827f412..f4dfb94 100644
--- a/xen/arch/x86/boot/trampoline.S
+++ b/xen/arch/x86/boot/trampoline.S
@@ -140,10 +140,12 @@ trampoline_boot_cpu_entry:
 1:      mov     %cs,%ax
         mov     %ax,%ds
         mov     %ax,%es
+        mov     %ax,%fs
+        mov     %ax,%gs
         mov     %ax,%ss
 
         /* Initialise stack pointer and IDT, and enable irqs. */
-        xor     %sp,%sp
+        xor     %esp,%esp
         lidt    bootsym(rm_idt)
         sti
 
@@ -151,6 +153,11 @@ trampoline_boot_cpu_entry:
          * Declare that our target operating mode is long mode.
          * Initialise 32-bit registers since some buggy BIOSes depend on it.
          */
+        xor     %ecx,%ecx
+        xor     %edx,%edx
+        xor     %esi,%esi
+        xor     %edi,%edi
+        xor     %ebp,%ebp
         movl    $0xec00,%eax      # declare target operating mode
         movl    $0x0002,%ebx      # long mode
         int     $0x15
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86/boot: Fix BIOS memory corruption on certain IBM systems
  - From: George Dunlap
- Re: [Xen-devel] [PATCH] x86/boot: Fix BIOS memory corruption on certain IBM systems
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] x86/boot: Fix BIOS memory corruption on certain IBM systems
  - From: Keir Fraser

Prev by Date: Re: [Xen-devel] [PATCH v4 1/7] x86: detect and initialize Cache QoS Monitoring feature
Next by Date: Re: [Xen-devel] [PATCH v2 00/16] tmem: continue to cleanup tmem
Previous by thread: [Xen-devel] [PATCH v2] xen/arch/x86: Fix early boot command line parsing
Next by thread: Re: [Xen-devel] [PATCH] x86/boot: Fix BIOS memory corruption on certain IBM systems
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.