author | 2015-06-23 14:19:21 +0000 | |
---|---|---|
committer | 2015-06-23 14:19:21 +0000 | |
commit | 19edda9e59693f92b50dbac0ff131d07b57b7808 (patch) | |
tree | 944a6367a020fd04cbec059b325a2b95341083d7 | |
parent | add some check before accessing data: (diff) | |
If the kernel symbols fit completely into the 2 MB alignment hole
after kernel bss but before end of the image, the page tables used
the read-only mapping of the hole. When booting a small non-generic
kernel, this resulted in a crash, while writing to the page tables
later.
Make sure that the page tables are created after esym and after
end.
OK mlarkin@ deraadt@
-rw-r--r-- | sys/arch/amd64/amd64/locore.S | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index c264f9a2de1..c2e4d4f9508 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.65 2015/05/18 19:59:27 guenther Exp $ */
+/* $OpenBSD: locore.S,v 1.66 2015/06/23 14:19:21 bluhm Exp $ */
 /* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
 /*
@@ -264,6 +264,10 @@ start: movw $0x1234,0x472 # warm boot
 movl 8(%esp),%eax
 movl %eax, RELOC(bootdev)
+ /*
+ * Syms are placed after last load and bss of the kernel.
+ * XXX Boot ignores 2MB roundup of _end, so esyms can be < _end.
+ */
 movl 16(%esp), %eax
 testl %eax,%eax
 jz 1f
@@ -423,6 +427,9 @@ cont:
 testl %eax,%eax
 jz 1f
 subl $KERNBASE_LO,%eax /* XXX */
+ /* Page tables must be after symbols and after kernel image. */
+ cmpl %eax,%edi
+ jg 1f
 movl %eax,%edi
 1:
 #endif |
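Review bot: The added `jg 1f` in the third hunk is a signed branch, but `cmpl %eax,%edi` is comparing two addresses, so the unsigned form `ja 1f` is the one that matches the intent of keeping the higher of the two. With `jg`, a value with bit 31 set compares as negative and the page tables would start at the numerically lower address, which is the overlap this commit is meant to prevent. Both operands are presumably low physical addresses here (%eax has just had `KERNBASE_LO` subtracted), so this probably cannot trigger on current kernels. The loads of %edi and of esym sit above the hunk, so their ranges cannot be confirmed from the visible lines.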