Message-ID: <4B80C892.9000303@zytor.com>
Date:	Sat, 20 Feb 2010 21:45:54 -0800
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Graeme Russ <graeme.russ@...il.com>
CC:	linux-kernel@...r.kernel.org
Subject: Re: x86 embedded - Problem getting past 'move compressed kernel before decompression'

On 02/20/2010 06:03 PM, Graeme Russ wrote:
> 
> The following is something I have hacked together to jump into the 32-bit
> start address of the Linux Kernel:
> 
> struct boot_params boot_params __attribute__((aligned(16)));
> struct setup_header *hdr = (struct setup_header *)(0x90000 + 0x1f1);
> 
> void boot_zimage(void *setup_base)
> {
> 	memset(&boot_params, 0x00, sizeof boot_params);
> 	memcpy(&boot_params.hdr, hdr, sizeof (*hdr));
> 
> 	boot_params.alt_mem_k = 128 * 1024;
> 	boot_params.e820_entries = 1;
> 	boot_params.e820_map[0].addr = 0x00000000;
> 	boot_params.e820_map[0].size = 128 * 1024;
> 	boot_params.e820_map[0].type = 1;
> 
> 	asm(	"movw	$0x18, %%cx\n" \
> 		"movl	%%ecx, %%ds\n" \
> 		"movl	%%ecx, %%es\n" \
> 		"movl	%%ecx, %%fs\n" \
> 		"movl	%%ecx, %%gs\n" \
> 		"movl	%%ecx, %%ss\n" \
> 		"xorl	%%ebp, %%ebp\n" \
> 		"xorl	%%edi, %%edi\n" \
> 		"xorl	%%ebx, %%ebx\n" \
> 		"movl	%0, %%esi\n"
                        ^^
> 		"movl   $0x100000, %%eax\n" \
> 		"jmpl	*%%eax" : : "r"(&boot_params));
                                     ^

At this point you have probably clobbered the register that you have
your boot_params in.

Instead, do something like:

	/* %0 = &boot_params pinned to %esi, %1 = 0 in %edi, %2 = 0x18 in %ecx.
	   The body writes only the segment registers, %ebp, %ebx and %eax,
	   so the boot_params pointer cannot be clobbered before the far jump. */
	asm volatile(
		"movl	%2, %%ds\n" \
		"movl	%2, %%es\n" \
		"movl	%2, %%fs\n" \
		"movl	%2, %%gs\n" \
		"movl	%2, %%ss\n" \
		"xorl	%%ebp, %%ebp\n" \
		"xorl	%%ebx, %%ebx\n" \
		"movl	$0x100000, %%eax\n" \
		"ljmpl	$0x10,$0x100000"
	 : : "S" (&boot_params), "D" (0), "c" (0x18));

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
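The register hazard hpa describes, as an added example that is not part of this thread or of either poster's code: a user-space stand-in for the handoff (struct fake_boot_params, handoff_view and stage_handoff are constructed names, not kernel types) that makes the same kind of scratch writes before using the pointer, with the pointer pinned to %esi, the selector delivered through a "c" operand and the clobbers declared, then reads a field back instead of far-jumping so the result can be checked.

```c
#include <stdint.h>
#include <stdio.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "this example uses x86 inline assembly"
#endif

/* Constructed stand-in for the first fields boot_zimage() fills in;
 * NOT the kernel's real struct boot_params layout. */
struct fake_boot_params {
    uint32_t alt_mem_k;
    uint32_t e820_entries;
};

/* What the asm body observed; constructed for this example. */
struct handoff_view {
    uint32_t alt_mem_k;   /* read back through the pinned pointer */
    uint32_t selector;    /* value that arrived in %ecx */
};

/*
 * Same shape as the quoted handoff: the body scribbles on %eax and then
 * still needs the boot_params pointer.  With a plain "r" input the
 * compiler may have put that pointer in %eax or %ecx (hpa's point), so
 * the pointer is pinned to %esi with "S", the selector is delivered
 * pre-loaded in %ecx by the "c" operand instead of a movw in the body,
 * and %eax is declared as a clobber.  Instead of far-jumping to
 * 0x100000 the body reads a field back so the result can be checked.
 */
static struct handoff_view stage_handoff(const struct fake_boot_params *bp)
{
    struct handoff_view v;
    __asm__ __volatile__(
        "movl   $0x100000, %%eax\n\t"  /* scratch write, as right before the jump */
        "movl   (%[bp]), %[mem]\n\t"   /* pointer intact: it lives in %esi */
        "movl   %%ecx, %[sel]\n\t"     /* selector untouched by the body */
        : [mem] "=&r" (v.alt_mem_k),   /* early-clobber: must not share %ecx */
          [sel] "=r" (v.selector)
        : [bp] "S" (bp), "c" (0x18)
        : "eax", "memory");
    return v;
}

int main(void)
{
    struct fake_boot_params p = { 128 * 1024, 1 };  /* constructed input */
    struct handoff_view v = stage_handoff(&p);
    printf("alt_mem_k=%u selector=0x%x\n", v.alt_mem_k, v.selector);
    return !(v.alt_mem_k == 128 * 1024 && v.selector == 0x18);
}
```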
