[Xen-changelog] [xen-unstable] x86/64: Avoid bogus mbi pointer into relocated Xen address space.

[Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>]

# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1182181685 -3600
# Node ID b1eb43f94a3aa913f01ea7456f728ba3ea0ce21a
# Parent  58b6223074afe9911b2bfb1f0adbf5e88638dfb7
x86/64: Avoid bogus mbi pointer into relocated Xen address space.
Prevent similar bugs in future by poisoning the relocated bottom
megabyte.
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
---
 xen/arch/x86/boot/x86_32.S |    4 +---
 xen/arch/x86/boot/x86_64.S |    2 --
 xen/arch/x86/setup.c       |    6 +++++-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/boot/x86_32.S
--- a/xen/arch/x86/boot/x86_32.S        Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/boot/x86_32.S        Mon Jun 18 16:48:05 2007 +0100
@@ -30,9 +30,7 @@ 1:      mov     %eax,(%edi)
         loop    1b
                 
         /* Pass off the Multiboot info structure to C land. */
-        mov     multiboot_ptr,%eax
-        add     $__PAGE_OFFSET,%eax
-        push    %eax
+        pushl   multiboot_ptr
         call    __start_xen
         ud2     /* Force a panic (invalid opcode). */
 
diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/boot/x86_64.S
--- a/xen/arch/x86/boot/x86_64.S        Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/boot/x86_64.S        Mon Jun 18 16:48:05 2007 +0100
@@ -51,8 +51,6 @@ 1:      movq    %rax,(%rdi)
 
         /* Pass off the Multiboot info structure to C land. */
         mov     multiboot_ptr(%rip),%edi
-        lea     start-0x100000(%rip),%rax
-        add     %rax,%rdi
         call    __start_xen
         ud2     /* Force a panic (invalid opcode). */
 
diff -r 58b6223074af -r b1eb43f94a3a xen/arch/x86/setup.c
--- a/xen/arch/x86/setup.c      Mon Jun 18 16:47:16 2007 +0100
+++ b/xen/arch/x86/setup.c      Mon Jun 18 16:48:05 2007 +0100
@@ -402,7 +402,7 @@ void init_done(void)
     startup_cpu_idle_loop();
 }
 
-void __init __start_xen(multiboot_info_t *mbi)
+void __init __start_xen(unsigned long mbi_p)
 {
     char *memmap_type = NULL;
     char __cmdline[] = "", *cmdline = __cmdline;
@@ -410,6 +410,7 @@ void __init __start_xen(multiboot_info_t
     unsigned int initrdidx = 1;
     char *_policy_start = NULL;
     unsigned long _policy_len = 0;
+    multiboot_info_t *mbi = __va(mbi_p);
     module_t *mod = (module_t *)__va(mbi->mods_addr);
     unsigned long nr_pages, modules_length;
     int i, e820_warn = 0, bytes = 0;
@@ -678,6 +679,9 @@ void __init __start_xen(multiboot_info_t
             barrier();
             move_memory(e, 0, __pa(&_end) - xen_phys_start);
 
+            /* Poison low 1MB to detect stray pointers to physical 0-1MB. */
+            memset(maddr_to_bootstrap_virt(e), 0x55, 1U<<20);
+
             /* Walk initial pagetables, relocating page directory entries. */
             pl4e = __va(__pa(idle_pg_table));
             for ( i = 0 ; i < L4_PAGETABLE_ENTRIES; i++, pl4e++ )

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog