URL: <http://savannah.gnu.org/bugs/?50715>
                 Summary: GRUB stack overwriting PXE stack (or the other way around)
                 Project: GNU GRUB
            Submitted by: tomkep
            Submitted on: Tue 04 Apr 2017 11:39:59 AM UTC
                Category: Network
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name:
        Originator Email:
             Open/Closed: Open
         Discussion Lock: Any
                 Release:
                 Release: 2.02~rc1
         Reproducibility: Every Time
         Planned Release: None

_______________________________________________________

Details:

Grub uses a fixed memory location in the first 640kB (real memory) for its stack when calling real mode services (like PXE, interrupts and so on). The code leading to this conclusion is:

grub-core/kern/i386/realmode.S:

    protstack:
            .long GRUB_MEMORY_MACHINE_PROT_STACK
    :
    protcseg:
    :
            /* get protected mode stack */
            movl    protstack, %eax
            movl    %eax, %esp
            movl    %eax, %ebp

where GRUB_MEMORY_MACHINE_PROT_STACK evaluates to 0x7FFF0 from the constants given in the include/grub/i386/memory_raw.h file.

Please note that this location IS NOT SAFE to use in certain configurations which use larger than usual areas in EBDA and which also use PXE. The first is common for either some iSCSI boot configurations or for some RAID controllers where EBDA usage jumps to 40-50kB. PXE alone will additionally require 86kB (1G Intel PXE version 1.5.84) and it WILL LOCATE ITSELF right below the EBDA. Given the fact that PXE allocates its stack at the bottom of its memory, it can happen that the PXE stack and the grub stack will at some point try to occupy the same memory location.

Grub CANNOT make assumptions like that about memory areas. It has to check the E820 memory map for the safe address space to use for its stack location and it additionally has to take into account any software (like PXE) which only modifies the 'available base memory' location at 0x40:0x13 in the BDA to hide its memory from other programs.

_______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?50715>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-grub
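
Added example, not GRUB's code and not part of the original report: the check the report asks for, written in C, taking the lower of the usable E820 range and the BDA base-memory word at 0x40:0x13. The map, the 504 KiB BDA value (640 - 50 EBDA - 86 PXE, using the report's figures), STACK_SIZE and FLOOR are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define E820_USABLE     1u
#define LOW_MEM_END     0xA0000u   /* 640 KiB */
#define GRUB_PROT_STACK 0x7FFF0u   /* value quoted in the report */
#define STACK_SIZE      0x8000u    /* assumption for this example */
#define FLOOR           0x10000u   /* assumption: memory below is in use */

struct e820_entry { uint64_t base, len; uint32_t type; };

/* Constructed map: 50 KiB EBDA reserved below 640 KiB. PXE is not listed;
   it only lowers the BDA word, as the report describes. */
static const struct e820_entry demo_map[] = {
    { 0x00000, 0x93800, E820_USABLE },
    { 0x93800, 0x0C800, 2u /* reserved */ },
};

/* End of free base memory above `floor`: usable E820 range clamped by the
   BDA base-memory word at 0x40:0x13 (in KiB). Returns 0 if none. */
uint32_t safe_low_top(const struct e820_entry *map, size_t n,
                      uint16_t bda_kib, uint32_t floor)
{
    uint64_t top = 0, bda_top = (uint64_t)bda_kib * 1024u;
    for (size_t i = 0; i < n; i++) {
        uint64_t end = map[i].base + map[i].len;
        if (end > LOW_MEM_END) end = LOW_MEM_END;
        if (map[i].type == E820_USABLE && map[i].base <= floor && end > top)
            top = end;
    }
    if (bda_top < top) top = bda_top;
    return top > floor ? (uint32_t)top : 0;
}

/* 1 if a stack growing down from stack_top fits inside [floor, top). */
int stack_is_safe(uint32_t stack_top, uint32_t size, uint32_t floor, uint32_t top)
{
    return top != 0 && stack_top <= top && stack_top >= size && stack_top - size >= floor;
}

/* 16-byte aligned stack top just under the free limit. */
uint32_t pick_stack_top(uint32_t top) { return top ? (top - 16u) & ~0xFu : 0; }

int main(void)
{
    uint32_t top = safe_low_top(demo_map, 2, 504, FLOOR); /* 640-50-86 KiB */
    printf("top=0x%X fixed_ok=%d new=0x%X\n", (unsigned)top,
           stack_is_safe(GRUB_PROT_STACK, STACK_SIZE, FLOOR, top), (unsigned)pick_stack_top(top));
    return 0;
}
```

With the BDA word at 590 KiB (EBDA only, no PXE loaded) the same check accepts 0x7FFF0, which is why the fixed address only fails on the configurations the report names.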