[bug #50715] GRUB stack overwriting PXE stack (or the other way around)

bug-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #50715] GRUB stack overwriting PXE stack (or the other way around)

From:	Tomasz Kępczyński
Subject:	[bug #50715] GRUB stack overwriting PXE stack (or the other way around)
Date:	Tue, 4 Apr 2017 07:40:02 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0

URL:
  <http://savannah.gnu.org/bugs/?50715>

                 Summary: GRUB stack overwriting PXE stack (or the other way
around)
                 Project: GNU GRUB
            Submitted by: tomkep
            Submitted on: Tue 04 Apr 2017 11:39:59 AM UTC
                Category: Network
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 
                 Release: 2.02~rc1
         Reproducibility: Every Time
         Planned Release: None

    _______________________________________________________

Details:

Grub is used fixed memory location in the first 640kB (real memory) for its
stack when calling real mode services (like PXE, iterrupts and so on). The
code leadng to this conclusion is:

grub-core/kern/i386/realmode.S:

protstack:
        .long   GRUB_MEMORY_MACHINE_PROT_STACK
:
protcseg:
:

        /* get protected mode stack */
        movl<-->protstack, %eax
        movl<-->%eax, %esp
        movl<-->%eax, %ebp

where GRUB_MEMORY_MACHINE_PROT_STACK evaluates to 0x7FFF0 from the constants
given in include/grub/i386/memory_raw.h file.

Please note that this location IS NOT SAFE to use in certain configurations
which use large then usual areas in EBDA and which also use PXE. The first is
common for either some iSCSI boot configurations or for some RAID controllers
where EBDA usage jumps to 40-50kB. PXE alone will additionally require 86kB
(1G Intel PXE version 1.5.84) and it WILL LOCATE ITSELF right below the EBDA.
Given the fact that PXE allocates its stack at the bottom of its memory, it
can happen that PXE stack and grub stack will at some point try to occupy the
same memory location.

Grub CANNOT make assumptions like that about memory areas. It has to check
E820 memory map for the safe address space to use for its stack location and
it has additionally to take into account any software (like PXE) which only
modifies 'available base memory' location at 0x40:0x13 in BDA to hide its
memory from other programs.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?50715>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #50715] GRUB stack overwriting PXE stack (or the other way around), Tomasz Kępczyński <=
- [bug #50715] GRUB stack overwriting PXE stack (or the other way around), Andrei Borzenkov, 2017/04/06
  - [bug #50715] GRUB stack overwriting PXE stack (or the other way around), Tomasz Kępczyński, 2017/04/11

Prev by Date: [bug #49814] vbe does not reset display start
Next by Date: [bug #50597] GCC7: may be used uninitialized in this function
Previous by thread: [bug #49814] vbe does not reset display start
Next by thread: [bug #50715] GRUB stack overwriting PXE stack (or the other way around)
Index(es):
- Date
- Thread