[coreboot] [PATCH] Fix v3 GeodeLX stack and global variable pointer corruption
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Wed Oct 8 17:56:51 CEST 2008
Ron?
I believe that fix is really needed and it may have been the culprit of
some real-world unexplained strangeness.
Regards,
Carl-Daniel
On 08.10.2008 03:05, Carl-Daniel Hailfinger wrote:
> On 08.10.2008 02:29, Peter Stuge wrote:
>
>> Carl-Daniel Hailfinger wrote:
>>
>>
>>> Fix v3 GeodeLX stack and global variable pointer corruption.
>>> We had a jump instead of a call to stage1_main in geodelx/stage0.S. That
>>> means all accesses to bist and init_detected were off by 8 bytes and
>>> collided with accesses to the global variable pointer.
>>>
>>>
>> Can you explain what, if any, effect this bug had or could have had
>> in practice?
>>
>>
>
> Sure.
> 1.) If gcc had decided to reload bist from stack after initializing the
> global variable pointer, bist would have been nonzero, an indicator for
> processor failure.
> 2.) If gcc had decided to use the stack location of bist as a scratch
> register (and it probably is free to do so as long as the contents are
> restored before returning), it would have clobbered the global variable
> pointer, leading to NULL pointer dereferences.
> 3.) Any accesses to init_detected would have resulted in accessing 4
> bytes above the top of stack (0x87ffc-0x87fff), something the rest of
> the code deliberately avoids.
>
> Regards,
> Carl-Daniel
>
>
--
http://www.hailfinger.org/
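A constructed model of the failure mode discussed in the thread, added here as an illustration and not code from coreboot or from anyone in the thread. The mechanism: a cdecl callee expects the caller's `call` to have pushed a return address between `esp` and its arguments, so it reads its first argument at `[esp+4]` and its second at `[esp+8]`. If the callee is entered with a `jmp` instead, nothing was pushed, every argument slot is shifted by one dword, and the highest slot reads past the top of the stack. The stack top `0x88000`, the 16-word stack size, the poison value returned for reads above the top, and the two-argument `stage1_main`-style layout are assumptions of this model, not facts from stage0.S; the exact byte offset in the real code depends on what else stage0 pushes, which is not on the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit stack model: dwords count down from STACK_TOP.
 * STACK_TOP is an assumption chosen so that 0x87ffc-0x87fff is the
 * highest dword inside the stack, matching the address range the
 * thread mentions. */
#define STACK_TOP   0x88000u
#define STACK_WORDS 16u
#define POISON      0xdeadbeefu   /* returned for reads above STACK_TOP */

struct stack {
    uint32_t words[STACK_WORDS];  /* words[0] is the dword just below STACK_TOP */
    uint32_t esp;                 /* simulated stack pointer (byte address) */
};

static void stack_init(struct stack *s)
{
    memset(s->words, 0, sizeof s->words);
    s->esp = STACK_TOP;           /* empty stack */
}

/* Simulated PUSH: decrement esp, store the dword there. */
static void push32(struct stack *s, uint32_t v)
{
    s->esp -= 4;
    s->words[(STACK_TOP - s->esp) / 4 - 1] = v;
}

/* Simulated dword read; anything at or above STACK_TOP is outside the
 * stack and comes back as POISON so the caller can see it happened. */
static uint32_t read32(const struct stack *s, uint32_t addr)
{
    if (addr >= STACK_TOP || addr < STACK_TOP - 4 * STACK_WORDS)
        return POISON;
    return s->words[(STACK_TOP - addr) / 4 - 1];
}

/* What the simulated callee observes for its two stack arguments. */
struct callee_view {
    uint32_t bist;
    uint32_t init_detected;
    int      read_above_top;      /* 1 if an argument slot lies above STACK_TOP */
};

/* stage0-style entry into a cdecl callee taking (bist, init_detected).
 * use_call = 1 models CALL (return address pushed); 0 models JMP. */
static struct callee_view enter_stage1(struct stack *s, uint32_t bist,
                                       uint32_t init_detected, int use_call)
{
    struct callee_view v;

    push32(s, init_detected);     /* cdecl: last argument pushed first */
    push32(s, bist);
    if (use_call)
        push32(s, 0x1234u);       /* constructed return address, pushed by CALL */

    /* The callee assumes a return address sits at [esp], so the first
     * argument is at [esp+4] and the second at [esp+8]. With JMP these
     * offsets are one dword too high. */
    v.bist           = read32(s, s->esp + 4);
    v.init_detected  = read32(s, s->esp + 8);
    v.read_above_top = (s->esp + 8 >= STACK_TOP);
    return v;
}

int main(void)
{
    struct stack s;
    struct callee_view v;

    stack_init(&s);
    v = enter_stage1(&s, 0, 1, 1);
    printf("CALL: bist=%u init_detected=%u above_top=%d\n",
           v.bist, v.init_detected, v.read_above_top);

    stack_init(&s);
    v = enter_stage1(&s, 0, 1, 0);
    printf("JMP:  bist=%u init_detected=0x%x above_top=%d\n",
           v.bist, v.init_detected, v.read_above_top);
    return 0;
}
```

With `call`, the callee sees `bist=0` and `init_detected=1` as passed. With `jmp`, it reads `init_detected`'s slot as `bist` (so a zero BIST result is misreported as nonzero whenever `init_detected` is set) and its `init_detected` slot is the dword immediately above the top of the stack, which is exactly the kind of access the thread's point 3 describes. A defender reviewing early-boot assembly can apply the same check by hand: for every `call`-convention entry point, confirm the transfer instruction actually pushes the return address the callee's argument offsets assume.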