[bug #50715] GRUB stack overwriting PXE stack (or the other way around)
From: Tomasz Kępczyński
Subject: [bug #50715] GRUB stack overwriting PXE stack (or the other way around)
Date: Tue, 4 Apr 2017 07:40:02 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
URL:
<http://savannah.gnu.org/bugs/?50715>
Summary: GRUB stack overwriting PXE stack (or the other way
around)
Project: GNU GRUB
Submitted by: tomkep
Submitted on: Tue 04 Apr 2017 11:39:59 AM UTC
Category: Network
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02~rc1
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
Grub is using a fixed memory location in the first 640kB (real memory) for its
stack when calling real mode services (like PXE, interrupts and so on). The
code leading to this conclusion is:
grub-core/kern/i386/realmode.S:
protstack:
.long GRUB_MEMORY_MACHINE_PROT_STACK
:
protcseg:
:
/* get protected mode stack */
movl    protstack, %eax
movl    %eax, %esp
movl    %eax, %ebp
where GRUB_MEMORY_MACHINE_PROT_STACK evaluates to 0x7FFF0 from the constants
given in include/grub/i386/memory_raw.h file.
Please note that this location IS NOT SAFE to use in certain configurations
which use larger than usual areas in EBDA and which also use PXE. The first is
common for either some iSCSI boot configurations or for some RAID controllers
where EBDA usage jumps to 40-50kB. PXE alone will additionally require 86kB
(1G Intel PXE version 1.5.84) and it WILL LOCATE ITSELF right below the EBDA.
Given the fact that PXE allocates its stack at the bottom of its memory, it
can happen that PXE stack and grub stack will at some point try to occupy the
same memory location.
Grub CANNOT make assumptions like that about memory areas. It has to check
E820 memory map for the safe address space to use for its stack location and
it has additionally to take into account any software (like PXE) which only
modifies 'available base memory' location at 0x40:0x13 in BDA to hide its
memory from other programs.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?50715>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
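
The check the report asks for, as an added example (not GRUB code and not part of the original report): it tests the fixed stack top 0x7FFF0 against both an E820 map and the base-memory word at 0x40:0x13, then picks a top that satisfies both. The function names, the 0x2000-byte stack depth, the 0x10000 floor and the memory map are assumptions constructed from the report's figures (50 KiB EBDA, 86 KiB PXE).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROT_STACK 0x7FFF0u /* GRUB_MEMORY_MACHINE_PROT_STACK, per the report */
#define STACK_SIZE 0x2000u  /* assumed stack depth; not stated in the report */
struct e820_entry { uint64_t base, len; uint32_t type; }; /* type 1 = usable RAM */

/* The BDA word at 0x40:0x13 counts free base memory in KiB; return bytes. */
static uint64_t bda_top(uint16_t kib) { return (uint64_t)kib * 1024u; }

/* 1 if a stack occupying [top - size, top) lies inside one usable E820
   entry and entirely below the base-memory top advertised in the BDA. */
int stack_is_safe(uint32_t top, uint32_t size, uint16_t bda_kib,
                  const struct e820_entry *map, size_t n)
{
    if (size == 0 || size > top || top > bda_top(bda_kib)) return 0;
    for (size_t i = 0; i < n; i++)
        if (map[i].type == 1 && map[i].base <= top - size &&
            top <= map[i].base + map[i].len)
            return 1;
    return 0;
}

/* Highest 16-byte-aligned stack top with `size` bytes of room above `floor`
   that passes the same limits, or 0 when nothing fits. */
uint32_t pick_stack_top(uint32_t size, uint32_t floor, uint16_t bda_kib,
                        const struct e820_entry *map, size_t n)
{
    uint64_t best = 0;
    for (size_t i = 0; i < n; i++) {
        if (map[i].type != 1) continue;
        uint64_t hi = map[i].base + map[i].len;
        uint64_t lo = map[i].base > floor ? map[i].base : floor;
        if (hi > bda_top(bda_kib)) hi = bda_top(bda_kib);
        hi &= ~(uint64_t)0xF;
        if (hi >= lo + size && hi > best) best = hi;
    }
    return (uint32_t)best;
}

int main(void)
{
    /* Constructed map: 50 KiB EBDA, so E820 reports 590 KiB usable; PXE took
       86 KiB below that but only lowered the BDA word to 504 KiB. */
    const struct e820_entry map[] = { { 0, 590 * 1024, 1 } };
    printf("fixed top safe: %d\n", stack_is_safe(PROT_STACK, STACK_SIZE, 504, map, 1));
    printf("picked top: 0x%X\n", (unsigned)pick_stack_top(STACK_SIZE, 0x10000, 504, map, 1));
    return 0;
}
```

With these figures the BDA top is 0x7E000, below 0x7FFF0, while the E820 entry alone would still accept the fixed address.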