author | Michael Brown <mcb30@ipxe.org> | 2012-07-09 20:26:40 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2012-07-09 20:32:34 +0100 |
commit | 2c72ce04aef5cf3856ac822d182823847996bbc6 (patch) | |
tree | c67c88b57bfb060820ee18fcc77181e0083c60d9 | |
parent | 07bc73e0872730d1e6784c7460f12b836c77838d (diff) | |
[bzimage] Update setup_move_size only for protocol versions 2.00 and 2.01

The setup_move_size field is not defined in protocol versions earlier
than 2.00 (and is obsolete in versions later than 2.01). In binaries
using versions earlier than 2.00, the relevant location is likely to
contain executable code.

Interestingly, this bug has been present since support for pre-2.00
protocol versions was added in 2009, and has been unexpectedly
modifying the memtest86+ code fragment:

    mov $0x92, %dx
    inb %dx, %al

Fortuitously, the modification exactly overwrote the value loaded into
%dx, and so the net effect was limited to causing Fast Gate A20
detection to always fail.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

-rw-r--r-- | src/arch/i386/image/bzimage.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/arch/i386/image/bzimage.c b/src/arch/i386/image/bzimage.c index cc7aeca..08eb4d3 100644 --- a/src/arch/i386/image/bzimage.c +++ b/src/arch/i386/image/bzimage.c @@ -214,7 +214,8 @@ static void bzimage_update_header ( struct image *image, } else { bzimg->cmdline_magic.magic = BZI_CMDLINE_MAGIC; bzimg->cmdline_magic.offset = bzimg->rm_cmdline; - bzimg->bzhdr.setup_move_size = bzimg->rm_memsz; + if ( bzimg->version >= 0x0200 ) + bzimg->bzhdr.setup_move_size = bzimg->rm_memsz; } /* Set video mode */ |
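
Review bot: The new guard `if ( bzimg->version >= 0x0200 )` in bzimage_update_header() has only a lower bound, while the commit subject says the update applies only to protocol versions 2.00 and 2.01 and the message calls the field obsolete in later versions. As written, setup_move_size is still written for every version above 2.01. Either add an upper bound to the condition (for example `bzimg->version <= 0x0201`, assuming the same encoding as the 0x0200 constant) or state in a comment that writing the obsolete field on later versions is intentional. A one-line comment above the check noting that pre-2.00 images may hold executable code at this offset would also keep the reason for the guard visible in the source rather than only in the commit message.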