Module Name:    src
Committed By:   martin
Date:           Tue Sep  3 15:29:05 UTC 2024

Modified Files:
        src/sys/arch/i386/stand/lib [netbsd-9]: biosmemx.S bootinfo_memmap.c
            getextmemx.c

Log Message:
Pull up following revision(s) (requested by andvar in ticket #1884):

        sys/arch/i386/stand/lib/bootinfo_memmap.c: revision 1.7
        sys/arch/i386/stand/lib/bootinfo_memmap.c: revision 1.8
        sys/arch/i386/stand/lib/getextmemx.c: revision 1.11
        sys/arch/i386/stand/lib/getextmemx.c: revision 1.12
        sys/arch/i386/stand/lib/biosmemx.S: revision 1.12
        sys/arch/i386/stand/lib/biosmemx.S: revision 1.13

Allocate buf[6] instead of buf[5] to work around buggy firmware, which may
write 24 bytes of mementry instead of the 20 requested with ACPI 3.0 enabled,
causing corrupted stack and wrong marks[] values in common_load_kernel().

This in turn was leading to erroneous calculations and memory addresses.

This eventually may result in null pointer dereference in the kernel and sudden
reboot for VIA based systems.

Commit should fix boot issues for VIA C7-M based HP 2133 Mini-Note,
mentioned in the original bug report. For AMD based HP Compaq 6005 Pro
discussed in a separate thread, the issue may be different.

Tested on my VIA C7-D based Biostar Viotech 3100+ motherboard.
PR install/49470

i386/stand/lib: Nix trailing whitespace and tidy comments a bit.
No functional change intended.
PR port-amd64/49470: NetBSD 7 BETA reboots after bootloader (HP 2133)


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.10.20.1 src/sys/arch/i386/stand/lib/biosmemx.S
cvs rdiff -u -r1.5.70.1 -r1.5.70.2 \
    src/sys/arch/i386/stand/lib/bootinfo_memmap.c
cvs rdiff -u -r1.10 -r1.10.58.1 src/sys/arch/i386/stand/lib/getextmemx.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/i386/stand/lib/biosmemx.S
diff -u src/sys/arch/i386/stand/lib/biosmemx.S:1.10 src/sys/arch/i386/stand/lib/biosmemx.S:1.10.20.1
--- src/sys/arch/i386/stand/lib/biosmemx.S:1.10	Sun Dec  4 08:21:08 2016
+++ src/sys/arch/i386/stand/lib/biosmemx.S	Tue Sep  3 15:29:05 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: biosmemx.S,v 1.10 2016/12/04 08:21:08 maxv Exp $	*/
+/*	$NetBSD: biosmemx.S,v 1.10.20.1 2024/09/03 15:29:05 martin Exp $	*/
 
 /*
  * Copyright (c) 1997, 1999
@@ -84,12 +84,30 @@ ENTRY(getextmem2)
 	ret
 
 /*
- * int getmementry(int *iterator, int buffer[5])
+ * int getmementry(int *iterator, int buffer[6])
  *
  * return: 0=ok, else error
  * buffer[0]: start of memory chunk
  * buffer[2]: length (bytes)
  * buffer[4]: type
+ * buffer[5]: ACPI 3.0 Extended Attributes bitfield (unused)
+ *
+ * Some buggy BIOSes may write to 24 bytes even if only 20 were requested.
+ * Therefore, the buffer is defined for 6 elements to avoid stack buffer
+ * overruns.  See PR install/49470.
+ *
+ * More details can be found in the:
+ *
+ *	Advanced Configuration and Power Interface (ACPI)
+ *	Specification, Release 6.5, 2022-08-29, UEFI Forum, Inc.,
+ *	Sec. 15.1 `INT 15H E820H - Query System Address Map',
+ *	pp. 756-757
+ *	https://uefi.org/sites/default/files/resources/ACPI_Spec_6_5_Aug29.pdf#page=824
+ *	https://uefi.org/specs/ACPI/6.5/15_System_Address_Map_Interfaces.html#int-15h-e820h-query-system-address-map
+ *
+ * as well as this OSDev.org wiki page:
+ *
+ *	https://wiki.osdev.org/Detecting_Memory_(x86)#BIOS_Function:_INT_0x15,_EAX_=_0xE820
  */
 ENTRY(getmementry)
 	pushl	%ebp
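Review bot: The new comment on getmementry presents the 6-element buffer as a property of the definition, but the requirement falls on the callers and nothing visible enforces it; the C prototype shown in bootinfo_memmap.c is just `int getmementry(int *, int *)`. I would state it as an obligation, for example `Callers must pass a buffer of at least 6 ints (24 bytes); the size is not checked here.` It would also help to say whether the routine still requests 20 bytes from the firmware, because the body of getmementry lies outside this hunk and the comment is the only place a reader of the callers learns that.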

Index: src/sys/arch/i386/stand/lib/bootinfo_memmap.c
diff -u src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.5.70.1 src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.5.70.2
--- src/sys/arch/i386/stand/lib/bootinfo_memmap.c:1.5.70.1	Tue Sep 17 19:31:59 2019
+++ src/sys/arch/i386/stand/lib/bootinfo_memmap.c	Tue Sep  3 15:29:05 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: bootinfo_memmap.c,v 1.5.70.1 2019/09/17 19:31:59 martin Exp $	*/
+/*	$NetBSD: bootinfo_memmap.c,v 1.5.70.2 2024/09/03 15:29:05 martin Exp $	*/
 
 /*
  * Copyright (c) 1999
@@ -37,7 +37,11 @@ extern int getmementry(int *, int *);
 void
 bi_getmemmap(void)
 {
-	int buf[5], i, nranges, n;
+	/*
+	 * Allocate 6 words, not 5, to work around buggy firmware --
+	 * see comment on getmementry in biosmemx.S.
+	 */
+	int buf[6], i, nranges, n;
 
 	nranges = 0;
 	i = 0;
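Review bot: The size in `int buf[6], i, nranges, n;` is a bare literal that is repeated in the getextmemx.c hunk (`int buf[6], i;`), while the prototype `extern int getmementry(int *, int *);` carries no size, so a later caller declaring `int buf[5]` would compile cleanly and bring the stack overrun back. A single named constant in a header shared by both callers, for example `#define GETMEMENTRY_NWORDS 6` (the name is only a suggestion) used as `int buf[GETMEMENTRY_NWORDS]`, would keep the assembly comment and the two C callers in step. The comment could also note that the extra word only absorbs the 24-byte write described in biosmemx.S; firmware that writes more than that would still corrupt the stack. bi_getmemmap's body continues outside the hunk.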

Index: src/sys/arch/i386/stand/lib/getextmemx.c
diff -u src/sys/arch/i386/stand/lib/getextmemx.c:1.10 src/sys/arch/i386/stand/lib/getextmemx.c:1.10.58.1
--- src/sys/arch/i386/stand/lib/getextmemx.c:1.10	Thu Jun 16 13:27:59 2011
+++ src/sys/arch/i386/stand/lib/getextmemx.c	Tue Sep  3 15:29:05 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: getextmemx.c,v 1.10 2011/06/16 13:27:59 joerg Exp $	*/
+/*	$NetBSD: getextmemx.c,v 1.10.58.1 2024/09/03 15:29:05 martin Exp $	*/
 
 /*
  * Copyright (c) 1997, 1999
@@ -38,7 +38,11 @@
 int
 getextmemx(void)
 {
-	int buf[5], i;
+	/*
+	 * Allocate 6 words, not 5, to work around buggy firmware --
+	 * see comment on getmementry in biosmemx.S.
+	 */
+	int buf[6], i;
 	int extmem = getextmem1();
 #ifdef SUPPORT_PS2
 	struct {
