]>
Commit | Line | Data |
---|---|---|
1c8c426f KW |
1 | /* |
2 | * Copyright (c) 2018 Kevin Wolf <kwolf@redhat.com> | |
3 | * | |
4 | * Permission is hereby granted, free of charge, to any person obtaining a copy | |
5 | * of this software and associated documentation files (the "Software"), to deal | |
6 | * in the Software without restriction, including without limitation the rights | |
7 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
8 | * copies of the Software, and to permit persons to whom the Software is | |
9 | * furnished to do so, subject to the following conditions: | |
10 | * | |
11 | * The above copyright notice and this permission notice shall be included in | |
12 | * all copies or substantial portions of the Software. | |
13 | * | |
14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
15 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL | |
17 | * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
19 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
20 | * THE SOFTWARE. | |
21 | */ | |
22 | ||
23 | .section multiboot | |
24 | ||
25 | #define MB_MAGIC 0x1badb002 | |
26 | #define MB_FLAGS 0x10000 | |
27 | #define MB_CHECKSUM -(MB_MAGIC + MB_FLAGS) | |
28 | ||
29 | .align 4 | |
30 | .int MB_MAGIC | |
31 | .int MB_FLAGS | |
32 | .int MB_CHECKSUM | |
33 | ||
34 | #define LAST_BYTE_VALUE 0xa5 | |
35 | ||
36 | /* | |
37 | * Order of fields in the a.out kludge header fields: | |
38 | * | |
39 | * header_addr | |
40 | * load_addr | |
41 | * load_end_addr | |
42 | * bss_end_addr | |
43 | * entry_addr | |
44 | */ | |
45 | #if SCENARIO == 1 | |
46 | /* Well-behaved kernel file with explicit bss_end */ | |
47 | .int 0x100000 | |
48 | .int 0x100000 | |
49 | .int data_end | |
50 | .int data_end | |
51 | .int _start | |
52 | #elif SCENARIO == 2 | |
53 | /* Well-behaved kernel file with default bss_end */ | |
54 | .int 0x100000 | |
55 | .int 0x100000 | |
56 | .int data_end | |
57 | .int 0 | |
58 | .int _start | |
59 | #elif SCENARIO == 3 | |
60 | /* Well-behaved kernel file with default load_end */ | |
61 | .int 0x100000 | |
62 | .int 0x100000 | |
63 | .int 0 | |
64 | .int 0 | |
65 | .int _start | |
66 | #elif SCENARIO == 4 | |
67 | /* Well-behaved kernel file with load_end < data_end and bss > data_end */ | |
68 | #undef LAST_BYTE_VALUE | |
69 | #define LAST_BYTE_VALUE 0 | |
70 | .int 0x100000 | |
71 | .int 0x100000 | |
72 | .int code_end | |
73 | .int 0x140000 | |
74 | .int _start | |
75 | #elif SCENARIO == 5 | |
76 | /* header < load */ | |
77 | .int 0x10000 | |
78 | .int 0x100000 | |
79 | .int data_end | |
80 | .int data_end | |
81 | .int _start | |
82 | #elif SCENARIO == 6 | |
83 | /* load_end < load */ | |
84 | .int 0x100000 | |
85 | .int 0x100000 | |
86 | .int 0x10000 | |
87 | .int data_end | |
88 | .int _start | |
89 | #elif SCENARIO == 7 | |
90 | /* header much larger than in reality with default load_end */ | |
91 | .int 0x80000000 | |
92 | .int 0x100000 | |
93 | .int 0 | |
94 | .int data_end | |
95 | .int _start | |
96 | #elif SCENARIO == 8 | |
97 | /* bss_end < load_end - load (regression test for CVE-2018-7550) */ | |
98 | .int 0x100000 | |
99 | .int 0x100000 | |
100 | .int data_end | |
101 | .int code_end | |
102 | .int _start | |
103 | #elif SCENARIO == 9 | |
104 | /* Default load_end_addr, load_addr + kernel_file_size > UINT32_MAX */ | |
105 | .int 0xfffff000 | |
106 | .int 0xfffff000 | |
107 | .int 0 | |
108 | .int 0xfffff001 | |
109 | .int _start | |
110 | #else | |
111 | #error Invalid SCENARIO | |
112 | #endif | |
113 | ||
114 | .section .text | |
115 | .global _start | |
116 | _start: | |
117 | xor %eax, %eax | |
118 | ||
119 | cmpb $LAST_BYTE_VALUE, last_byte | |
120 | je passed | |
121 | or $0x1, %eax | |
122 | passed: | |
123 | ||
124 | /* Test device exit */ | |
125 | outl %eax, $0xf4 | |
126 | ||
127 | cli | |
128 | hlt | |
129 | jmp . | |
130 | code_end: | |
131 | ||
132 | #if SCENARIO != 8 | |
133 | .space 8192 | |
134 | #endif | |
135 | ||
136 | last_byte: | |
137 | .byte 0xa5 | |
138 | data_end: |