Zhenzhong Duan
2013-Aug-16 02:17 UTC
[PATCH] Minor change to avoid potential overflow accessing pci option roms
When scan pci option roms space, there is possibility to access beyond OPTIONROM_PHYSICAL_END for 2K. This patch make the code robust though there are other checks such as 0x55AA signature. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com> --- tools/firmware/rombios/rombios.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/firmware/rombios/rombios.c b/tools/firmware/rombios/rombios.c index 057aced..f5ac33e 100644 --- a/tools/firmware/rombios/rombios.c +++ b/tools/firmware/rombios/rombios.c @@ -10648,7 +10648,7 @@ rom_scan_increment: add cx, ax pop ax ;; Restore AX cmp cx, ax - jbe rom_scan_loop + jb rom_scan_loop xor ax, ax ;; Restore DS back to 0000: mov ds, ax @@ -11022,7 +11022,7 @@ post_default_ints: call post_init_pic mov cx, #0xc000 ;; init vga bios - mov ax, #0xc780 + mov ax, #0xc800 call rom_scan call _print_bios_banner -- 1.7.3
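Review bot: the `jbe` to `jb` switch after `cmp cx, ax` in `rom_scan_increment` turns the AX end argument from an inclusive bound into an exclusive one for every caller of `rom_scan`, but the diff adjusts only one call site, the VGA one in `post_default_ints`. Please state in the commit message which call sites are meant to change their scan range, and update whatever comment documents the AX argument so it says the end segment itself is no longer scanned.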
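Review bot: `mov ax, #0xc800` in `post_default_ints` only compensates for the new exclusive compare. With the 2K step named in the commit message, the last segment scanned is still 0xc780, so the VGA scan range is unchanged and this hunk is correct only when applied together with the `jb` change. A short comment on that line, for example `;; end of scan range (exclusive)`, would keep a later reader from treating 0xc800 as a scanned segment.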
Konrad Rzeszutek Wilk
2013-Aug-16 12:27 UTC
Re: [PATCH] Minor change to avoid potential overflow accessing pci option roms
On Fri, Aug 16, 2013 at 10:17:51AM +0800, Zhenzhong Duan wrote:
> When scan pci option roms space, there is possibility to access beyond
> OPTIONROM_PHYSICAL_END for 2K.

And what happens if you do that?

>
> This patch make the code robust though there are other checks such as
> 0x55AA signature.

You seemed to have forgotten to CC the maintainers. The MAINTAINERS file in Xen top directory has a listing.

> > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com> > --- > tools/firmware/rombios/rombios.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/tools/firmware/rombios/rombios.c b/tools/firmware/rombios/rombios.c > index 057aced..f5ac33e 100644 > --- a/tools/firmware/rombios/rombios.c > +++ b/tools/firmware/rombios/rombios.c > @@ -10648,7 +10648,7 @@ rom_scan_increment: > add cx, ax > pop ax ;; Restore AX > cmp cx, ax > - jbe rom_scan_loop > + jb rom_scan_loop > > xor ax, ax ;; Restore DS back to 0000: > mov ds, ax > @@ -11022,7 +11022,7 @@ post_default_ints: > call post_init_pic > > mov cx, #0xc000 ;; init vga bios > - mov ax, #0xc780 > + mov ax, #0xc800 > call rom_scan > > call _print_bios_banner > -- > 1.7.3 >
Zhenzhong Duan
2013-Aug-19 02:26 UTC
Re: [PATCH] Minor change to avoid potential overflow accessing pci option roms
On 2013-08-16 20:27, Konrad Rzeszutek Wilk wrote:
> On Fri, Aug 16, 2013 at 10:17:51AM +0800, Zhenzhong Duan wrote:
>> When scan pci option roms space, there is possibility to access beyond
>> OPTIONROM_PHYSICAL_END for 2K.
> And what happens if you do that?

I guess nothing will happen.

zduan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Konrad Rzeszutek Wilk
2013-Aug-19 14:50 UTC
Re: [PATCH] Minor change to avoid potential overflow accessing pci option roms
On Mon, Aug 19, 2013 at 10:26:33AM +0800, Zhenzhong Duan wrote:
>
> On 2013-08-16 20:27, Konrad Rzeszutek Wilk wrote:
> >On Fri, Aug 16, 2013 at 10:17:51AM +0800, Zhenzhong Duan wrote:
> >>When scan pci option roms space, there is possibility to access beyond
> >>OPTIONROM_PHYSICAL_END for 2K.
> >And what happens if you do that?
> I guess nothing will happen.

OK. So this is more of a 'bad bug by code inspection', which is absolutely fine. Just please include that in the commit description.

Thanks!

>
> zduan