direct-io.hg

view xen/arch/x86/boot/x86_64.S @ 15374:b1eb43f94a3a

x86/64: Avoid bogus mbi pointer into relocated Xen address space.
Prevent similar bugs in future by poisoning the relocated bottom
megabyte.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Mon Jun 18 16:48:05 2007 +0100 (2007-06-18)
parents 23c4790512db
children f50f0ec7dd2c
/*
 * 64-bit bring-up sequence: load the GDT and data selectors, CR4, the
 * stack pointer, EFLAGS and the code selector, then load the IDT and
 * branch on %ebx. No entry label is visible in this listing, so how
 * control arrives here and who sets %ebx are defined elsewhere.
 * NOTE(review): presumably %ebx is non-zero on secondary CPUs -- confirm
 * against the code that jumps here.
 */
1 .code64
3 /* Install relocated data selectors. */
4 lgdt gdt_descr(%rip)
5 mov $(__HYPERVISOR_DS64),%ecx
6 mov %ecx,%ds
7 mov %ecx,%es
8 mov %ecx,%fs
9 mov %ecx,%gs
10 mov %ecx,%ss
12 /* Enable full CR4 features. */
/*
 * CR4 is written wholesale from the mmu_cr4_features variable, so the
 * set of CR4 bits live from here on is whatever was stored there.
 */
13 mov mmu_cr4_features(%rip),%rcx
14 mov %rcx,%cr4
/*
 * Load the stack base and OR in the initial offset.
 * NOTE(review): using OR as an add assumes the value in stack_start is
 * aligned to STACK_SIZE -- confirm where cpu0_stack is defined.
 */
16 mov stack_start(%rip),%rsp
17 or $(STACK_SIZE-CPUINFO_sizeof),%rsp
19 /* Reset EFLAGS (subsumes CLI and CLD). */
/* Popping 0 clears IF, so maskable interrupts stay off from this point. */
20 pushq $0
21 popf
23 /* Reload code selector. */
/*
 * Build a far-return frame (selector, then the address of local label 1)
 * so that lretq reloads %cs with __HYPERVISOR_CS64 and resumes at 1:.
 */
24 pushq $(__HYPERVISOR_CS64)
25 leaq 1f(%rip),%rax
26 pushq %rax
27 lretq
/*
 * The IDT register is loaded before the fill loop further down has run
 * on the %ebx == 0 path; the contents of idt_table at this instant are
 * not visible in this listing.
 */
28 1: lidt idt_descr(%rip)
/* Non-zero %ebx leaves for start_secondary; zero falls through. */
30 test %ebx,%ebx
31 jnz start_secondary
33 /* Initialise IDT with simple error defaults. */
/*
 * Build one 16-byte gate descriptor pointing at ignore_int and copy it
 * into all 256 slots of idt_table.
 *   %rax (low qword)  = offset[15:0] | __HYPERVISOR_CS64 << 16
 *                       | 0x8E00 << 32 | offset[31:16] << 48
 *   %rdx (high qword) = offset[63:32]
 * 0x8E00 encodes present, DPL 0, type 0xE (interrupt gate), IST 0. With
 * DPL 0 a software INT n issued from a less privileged ring faults
 * instead of entering the gate.
 */
34 leaq ignore_int(%rip),%rcx
35 movl %ecx,%eax
36 andl $0xFFFF0000,%eax
37 orl $0x00008E00,%eax
38 shlq $32,%rax
39 movl %ecx,%edx
40 andl $0x0000FFFF,%edx
41 orl $(__HYPERVISOR_CS64<<16),%edx
42 orq %rdx,%rax
43 shrq $32,%rcx
44 movl %ecx,%edx
45 leaq idt_table(%rip),%rdi
/* 256 iterations of 16 bytes, matching the 256*16-1 limit in idt_descr. */
46 movl $256,%ecx
47 1: movq %rax,(%rdi)
48 movq %rdx,8(%rdi)
49 addq $16,%rdi
50 loop 1b
52 /* Pass off the Multiboot info structure to C land. */
/*
 * 32-bit load into %edi, which zero-extends into %rdi (the first integer
 * argument register under the SysV AMD64 convention). Nothing in this
 * listing stores to multiboot_ptr, so the value comes from earlier boot
 * code.
 * NOTE(review): the commit message describes a bogus mbi pointer into
 * the relocated address space, so the writer of multiboot_ptr is the
 * place to check that the address stays valid -- confirm there.
 */
53 mov multiboot_ptr(%rip),%edi
54 call __start_xen
/* Reached only if __start_xen returns; ud2 stops execution with #UD. */
55 ud2 /* Force a panic (invalid opcode). */
57 /* This is the default interrupt handler. */
/*
 * ignore_int is the target of every gate written by the IDT fill loop.
 * It prints a fixed message and then spins forever: there is no iret and
 * no register save, so it never resumes the interrupted context. The
 * message does not identify the vector that fired.
 * int_msg sits directly in front of the handler; no section directive
 * appears between them in this listing.
 */
58 int_msg:
59 .asciz "Unknown interrupt\n"
60 ignore_int:
/* Clear DF before calling C code. */
61 cld
62 leaq int_msg(%rip),%rdi
/* printk is called with %al = 0: no vector-register arguments. */
63 xorl %eax,%eax
64 call printk
/* Halt this CPU's progress by looping in place. */
65 1: jmp 1b
68 /*** DESCRIPTOR TABLES ***/
/* Alignment padding is filled with 0xCC (the int3 opcode) rather than zeros. */
70 .align 8, 0xCC
/*
 * 32-bit slot read by the startup code just before calling __start_xen.
 * It is zero here and is not written anywhere in this listing.
 */
71 multiboot_ptr:
72 .long 0
/*
 * Two bytes of padding: with the 4-byte slot above and the 2-byte limit
 * below, the .quad base of gdt_descr lands on an 8-byte boundary.
 */
74 .word 0
/*
 * Operand for lgdt: 16-bit limit followed by 64-bit base. The base is
 * biased by -FIRST_RESERVED_GDT_BYTE, so the byte at that offset within
 * the GDT is the first byte of gdt_table.
 * NOTE(review): presumably this is what makes the 0xe0xx selectors in
 * the table comments resolve to these entries -- confirm against the
 * definition of FIRST_RESERVED_GDT_BYTE.
 */
75 gdt_descr:
76 .word LAST_RESERVED_GDT_BYTE
77 .quad gdt_table - FIRST_RESERVED_GDT_BYTE
/* Six bytes of padding so the .quad base of idt_descr is 8-byte aligned. */
79 .word 0,0,0
/* Operand for lidt: limit covers 256 gates of 16 bytes each. */
80 idt_descr:
81 .word 256*16-1
82 .quad idt_table
/* Stack base loaded into %rsp by the startup code; initialised to cpu0_stack. */
84 ENTRY(stack_start)
85 .quad cpu0_stack
/*
 * Primary GDT, page-aligned with zero padding. Every populated entry is
 * a flat descriptor (base 0, limit 0xfffff, G=1); the entries differ
 * only in the access byte (DPL and code/data type) and in the L/D flag:
 * 0x00af.. sets L=1 (64-bit code), 0x00cf.. sets D/B=1 (32-bit /
 * compatibility). Because the segments are flat, they impose no address
 * restriction of their own.
 */
87 .align PAGE_SIZE, 0
88 ENTRY(gdt_table)
89 .quad 0x0000000000000000 /* unused */
90 .quad 0x00af9a000000ffff /* 0xe008 ring 0 code, 64-bit mode */
91 .quad 0x00cf92000000ffff /* 0xe010 ring 0 data */
92 .quad 0x0000000000000000 /* reserved */
93 .quad 0x00cffa000000ffff /* 0xe023 ring 3 code, compatibility */
94 .quad 0x00cff2000000ffff /* 0xe02b ring 3 data */
95 .quad 0x00affa000000ffff /* 0xe033 ring 3 code, 64-bit mode */
96 .quad 0x00cf9a000000ffff /* 0xe038 ring 0 code, compatibility */
/*
 * Advance to the slot for __TSS(0), expressed relative to the same
 * biased base used in gdt_descr, then reserve four zeroed 8-byte slots
 * per CPU.
 */
97 .org gdt_table - FIRST_RESERVED_GDT_BYTE + __TSS(0) * 8
98 .fill 4*NR_CPUS,8,0 /* space for TSS and LDT per CPU */
/*
 * Second GDT with the same layout as gdt_table except for the middle
 * entries: it adds ring 1 code/data (access bytes 0xba / 0xb2, DPL 1) at
 * 0xe019 / 0xe021, places ring 3 compatibility code/data at 0xe02b /
 * 0xe033, and has no ring 3 64-bit code entry.
 * NOTE(review): the name and the "compatibility" comments suggest it
 * serves 32-bit guests -- confirm where it is loaded.
 */
100 .align PAGE_SIZE, 0
101 /* NB. Even rings != 0 get access to the full 4Gb, as only the */
102 /* (compatibility) machine->physical mapping table lives there. */
/*
 * NOTE(review): the ring 1 and ring 3 descriptors below are flat 4GB
 * segments, so the segment limit restricts nothing for those rings. The
 * comment above justifies this by what is mapped in that range; verify
 * that assumption against the page-table setup.
 */
103 ENTRY(compat_gdt_table)
104 .quad 0x0000000000000000 /* unused */
105 .quad 0x00af9a000000ffff /* 0xe008 ring 0 code, 64-bit mode */
106 .quad 0x00cf92000000ffff /* 0xe010 ring 0 data */
107 .quad 0x00cfba000000ffff /* 0xe019 ring 1 code, compatibility */
108 .quad 0x00cfb2000000ffff /* 0xe021 ring 1 data */
109 .quad 0x00cffa000000ffff /* 0xe02b ring 3 code, compatibility */
110 .quad 0x00cff2000000ffff /* 0xe033 ring 3 data */
111 .quad 0x00cf9a000000ffff /* 0xe038 ring 0 code, compatibility */
/* Same per-CPU reservation as in gdt_table: four zeroed 8-byte slots per CPU. */
112 .org compat_gdt_table - FIRST_RESERVED_GDT_BYTE + __TSS(0) * 8
113 .fill 4*NR_CPUS,8,0 /* space for TSS and LDT per CPU */