grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

nested functions used by multiboot2 loader corrupt stack


From: Robert Millan
Subject: nested functions used by multiboot2 loader corrupt stack
Date: Thu, 17 Jan 2008 00:05:29 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

I got pretty confused at this one.  Maybe someone can sort this out.  I'm
afraid I can't :-(

It seems that at some point when loading multiboot2 images, our stack is
corrupted for no apparent reason and one of the hooks in our nested function
calls ends up jumping to the wrong place.

This hangs qemu 0.9.0, but qemu 0.9.1 aborts with "triple fault" message.

I added a few printf calls to trace what's going on, and switched to serial
terminal so that the output can be captured.  My debugging patch is attached.
This is the output:

grub_mb2_load_elf: going to call grub_elf32_load using 
grub_mb2_arch_elf32_hook=0x7ffc72c as hook
grub_elf32_load: going to call grub_elf32_phdr_iterate using 
grub_elf32_load_segment=0x7dda4 as hook, and _load_hook=0x7ffc72c as hook's hook
grub_elf32_phdr_iterate: going to call hook=0x7dda4 using hook_arg=0x7ffc72c as 
hook
grub_elf32_load_segment: going to call load_hook=0x7dd9c
qemu: fatal: triple fault
EAX=0004be50 EBX=0004bf30 ECX=0008de66 EDX=0007dd2c
ESI=0004be50 EDI=0007dd9c EBP=0007dd3c ESP=0007dd10
EIP=0007dda0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0

This seems to indicate that grub_elf32_phdr_iterate() called its hook, 0x7dda4,
aka grub_elf32_load_segment() with proper hook_arg parameter = 0x7ffc72c, aka
grub_mb2_arch_elf32_hook().

When grub_elf32_load_segment() starts, its hook_arg parameter (now known as
load_hook) has been corrupted and now points at 0x7dd9c.  The other two
parameters in this function are not tainted, only the third one is.

I'm not sure how to proceed from here.  I really miss a debugger in these
cases :-(

Also attaching the sample multiboot2 program I used.  I'm not sure of its
correctness, but nevertheless GRUB shouldn't crash because of incorrect
images; specially not at this point.

-- 
Robert Millan

<GPLv2> I know my rights; I want my phone call!
<DRM> What use is a phone call… if you are unable to speak?
(as seen on /.)

Attachment: debug_multiboot2.diff
Description: Text Data

Attachment: hello.S
Description: Text document


reply via email to

[Prev in Thread] Current Thread [Next in Thread]