diff options
| author | Michael Brown | 2014-03-05 13:25:21 +0100 |
|---|---|---|
| committer | Michael Brown | 2014-03-05 13:32:00 +0100 |
| commit | 1137fa32687cd0e1784683318a5381c41856a531 (patch) | |
| tree | 74d0bbb61e61a1a6243118d2d50119a67a8072f9 | |
| parent | [realtek] Include link status register details in debug messages (diff) | |
| download | ipxe-1137fa32687cd0e1784683318a5381c41856a531.tar.gz ipxe-1137fa32687cd0e1784683318a5381c41856a531.tar.xz ipxe-1137fa32687cd0e1784683318a5381c41856a531.zip | |
[romprefix] Do not clobber stack segment when returning to BIOS
Commit c429bf0 ("[romprefix] Store boot bus:dev.fn address as autoboot
device location") introduced a regression by using register %cx to
temporarily hold the PCI bus:dev.fn address, despite the fact that %cx
was already being used to hold the stored BIOS stack segment.
Consequently, when returning to the BIOS after a failed or cancelled
boot attempt, iPXE would end up calling INT 18 with the stack segment
set equal to the PCI bus:dev.fn address. Writing to essentially
random areas of memory tends to upset even the more robust BIOSes.
Fix by using register %ax to temporarily hold the PCI bus:dev.fn
address.
Reported-by: Anton D. Kachalov <mouse@yandex-team.ru>
Tested-by: Anton D. Kachalov <mouse@yandex-team.ru>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/arch/i386/prefix/romprefix.S | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S index d606006e8..69f35f78c 100644 --- a/src/arch/i386/prefix/romprefix.S +++ b/src/arch/i386/prefix/romprefix.S @@ -740,13 +740,13 @@ exec: /* Set %ds = %cs */ .section ".text16", "awx", @progbits 1: /* Retrieve PCI bus:dev.fn */ - movw init_pci_busdevfn, %cx + movw init_pci_busdevfn, %ax /* Set up %ds for access to .data16 */ movw %bx, %ds /* Store PCI bus:dev.fn */ - movw %cx, autoboot_busdevfn + movw %ax, autoboot_busdevfn /* Call main() */ pushl $main |