From patchwork Thu Nov 12 11:20:58 2009
X-Patchwork-Submitter: Naphtali Sprei
X-Patchwork-Id: 38238
Message-ID: <4AFBEF9A.5010802@redhat.com>
Date: Thu, 12 Nov 2009 13:20:58 +0200
From: Naphtali Sprei
To: qemu-devel@nongnu.org, Glauber Costa, coreboot@coreboot.org
Subject: [Qemu-devel] Stack corruption problem with SeaBIOS/gPXE under QEMU

Hi,

I've found a problem with the usage of SeaBIOS/gPXE in Qemu.
The scenario is when failing to boot from network and falling back to booting from hard-disk (-boot nc).
The cause of the problem is that both SeaBIOS and gPXE (in its installation phase) use the same stack area, 0x7c00. The gPXE code corrupts the SeaBIOS stack, so when gPXE returns to SeaBIOS chaos occurs.

Output: "qemu: fatal: Trying to execute code outside RAM or ROM at 0x00000000eb300000"

A simple hack/patch (attached) solves this problem, but a proper patch is expected from the SeaBIOS guys.

Enjoy,
Naphtali

Patch against current SeaBIOS git

Signed-off-by: Naphtali Sprei
---
 src/arch/i386/prefix/pxeprefix.S | 2 +-
 src/arch/i386/prefix/romprefix.S | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/arch/i386/prefix/pxeprefix.S b/src/arch/i386/prefix/pxeprefix.S index b541e4b..11dd45d 100644 --- a/src/arch/i386/prefix/pxeprefix.S +++ b/src/arch/i386/prefix/pxeprefix.S @@ -47,7 +47,7 @@ FILE_LICENCE ( GPL2_OR_LATER ) /* Set up stack just below 0x7c00 */ xorw %ax, %ax movw %ax, %ss - movl $0x7c00, %esp + movl $0x7a00, %esp /* Clear direction flag, for the sake of sanity */ cld /* Print welcome message */
diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S index cb474e8..93f3f17 100644 --- a/src/arch/i386/prefix/romprefix.S +++ b/src/arch/i386/prefix/romprefix.S @@ -587,7 +587,7 @@ exec: /* Set %ds = %cs */ /* Obtain a reasonably-sized temporary stack */ xorw %ax, %ax movw %ax, %ss - movw $0x7c00, %sp + movw $0x7a00, %sp /* Install gPXE */ movl image_source, %esi
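Review bot: in the pxeprefix.S hunk the comment two lines above the change still reads /* Set up stack just below 0x7c00 */ while the new value is $0x7a00; update the comment to say the stack is placed 0x200 bytes below 0x7c00 so that the SeaBIOS frames still live in 0x7a00..0x7c00 are not overwritten, since that reason is the whole point of the change. 0x7a00 is also a bare magic number that is repeated in romprefix.S; give it one named symbol so the two prefixes cannot drift apart.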
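Review bot: the romprefix.S hunk lowers the temporary stack to $0x7a00, but nothing in the patch guarantees that the 0x200 bytes between 0x7a00 and 0x7c00 cover whatever stack SeaBIOS has live at the point it hands control to the option ROM; the cover letter itself calls this a hack, so at minimum record that assumption next to the /* Obtain a reasonably-sized temporary stack */ comment and note that the real fix is for SeaBIOS and gPXE to stop sharing the region below 0x7c00, as the cover letter says. As in pxeprefix.S, take 0x7a00 from a shared define rather than hardcoding it in a second file.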