x86/efi: Correct EFI boot stub use of code32_start

commit 7e8213c1f3acc064aef37813a39f13cbfe7c3ce7 upstream. code32_start should point at the start of the protected mode code, and *not* at the beginning of the bzImage. This is much easier to do in assembly so document that callers of make_boot_params() need to fill out code32_start. The fallout from this bug is that we would end up relocating the image but copying the image at some offset, resulting in what appeared to be memory corruption. Reported-by: Thomas Bächler <thomas@archlinux.org> Signed-off-by: Matt Fleming <matt.fleming@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Matt Fleming <matt@console-pimps.org> 2014-04-08 08:14:00 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2014-05-06 10:55:30 -0400
commit: 35d5134b7d5a55e269c953096224248b9f6f72c2 (patch)
tree: bf5c5b9e459bb6e71b5d2cc7277469fdd581a1cc /arch
parent: 9e2dcd00681f852c1cb1864f79e9992ea1b5981f (diff)
3 files changed, 14 insertions, 14 deletions
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
index d606463aa6d6..1308beed7abe 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -865,6 +865,9 @@ fail:
 * Because the x86 boot code expects to be passed a boot_params we
 * need to create one ourselves (usually the bootloader would create
 * one for us).
+ *
+ * The caller is responsible for filling out ->code32_start in the
+ * returned boot_params.
 */
 struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
 {
@@ -921,8 +924,6 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table)
        hdr->vid_mode = 0xffff;
        hdr->boot_flag = 0xAA55;
-        hdr->code32_start = (__u64)(unsigned long)image->image_base;
        hdr->type_of_loader = 0x21;
        /* Convert unicode cmdline to ascii */
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 1e3184f6072f..abb988a54c69 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -50,6 +50,13 @@ ENTRY(efi_pe_entry)
        pushl   %eax
        pushl   %esi
        pushl   %ecx
+        call    reloc
+reloc:
+        popl    %ecx
+        subl    reloc, %ecx
+        movl    %ecx, BP_code32_start(%eax)
        sub     $0x4, %esp
 ENTRY(efi_stub_entry)
@@ -63,12 +70,7 @@ ENTRY(efi_stub_entry)
        hlt
        jmp     1b
 2:
-        call    3f
+        movl    BP_code32_start(%esi), %eax
-3:
-        popl    %eax
-        subl    $3b, %eax
-        subl    BP_pref_address(%esi), %eax
-        add     BP_code32_start(%esi), %eax
        leal    preferred_addr(%eax), %eax
        jmp     *%eax
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 16f24e6dad79..92059b8f3f7b 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -217,6 +217,8 @@ ENTRY(efi_pe_entry)
        cmpq    $0,%rax
        je      1f
        mov     %rax, %rdx
+        leaq    startup_32(%rip), %rax
+        movl    %eax, BP_code32_start(%rdx)
        popq    %rsi
        popq    %rdi
@@ -230,12 +232,7 @@ ENTRY(efi_stub_entry)
        hlt
        jmp     1b
 2:
-        call    3f
+        movl    BP_code32_start(%esi), %eax
-3:
-        popq    %rax
-        subq    $3b, %rax
-        subq    BP_pref_address(%rsi), %rax
-        add     BP_code32_start(%esi), %eax
        leaq    preferred_addr(%rax), %rax
        jmp     *%rax
author	Matt Fleming <matt@console-pimps.org>	2014-04-08 08:14:00 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2014-05-06 10:55:30 -0400
commit	35d5134b7d5a55e269c953096224248b9f6f72c2 (patch)
tree	bf5c5b9e459bb6e71b5d2cc7277469fdd581a1cc /arch
parent	9e2dcd00681f852c1cb1864f79e9992ea1b5981f (diff)