1c8c426fb4
Signed-off-by: Kevin Wolf <kwolf@redhat.com> Reviewed-by: Jack Schwartz <jack.schwartz@oracle.com>
139 lines
3.2 KiB
ArmAsm
139 lines
3.2 KiB
ArmAsm
/*
|
|
* Copyright (c) 2018 Kevin Wolf <kwolf@redhat.com>
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
.section multiboot
|
|
|
|
#define MB_MAGIC 0x1badb002
|
|
#define MB_FLAGS 0x10000
|
|
#define MB_CHECKSUM -(MB_MAGIC + MB_FLAGS)
|
|
|
|
.align 4
|
|
.int MB_MAGIC
|
|
.int MB_FLAGS
|
|
.int MB_CHECKSUM
|
|
|
|
#define LAST_BYTE_VALUE 0xa5
|
|
|
|
/*
|
|
* Order of fields in the a.out kludge header fields:
|
|
*
|
|
* header_addr
|
|
* load_addr
|
|
* load_end_addr
|
|
* bss_end_addr
|
|
* entry_addr
|
|
*/
|
|
#if SCENARIO == 1
|
|
/* Well-behaved kernel file with explicit bss_end */
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int data_end
|
|
.int data_end
|
|
.int _start
|
|
#elif SCENARIO == 2
|
|
/* Well-behaved kernel file with default bss_end */
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int data_end
|
|
.int 0
|
|
.int _start
|
|
#elif SCENARIO == 3
|
|
/* Well-behaved kernel file with default load_end */
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int 0
|
|
.int 0
|
|
.int _start
|
|
#elif SCENARIO == 4
|
|
/* Well-behaved kernel file with load_end < data_end and bss > data_end */
|
|
#undef LAST_BYTE_VALUE
|
|
#define LAST_BYTE_VALUE 0
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int code_end
|
|
.int 0x140000
|
|
.int _start
|
|
#elif SCENARIO == 5
|
|
/* header < load */
|
|
.int 0x10000
|
|
.int 0x100000
|
|
.int data_end
|
|
.int data_end
|
|
.int _start
|
|
#elif SCENARIO == 6
|
|
/* load_end < load */
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int 0x10000
|
|
.int data_end
|
|
.int _start
|
|
#elif SCENARIO == 7
|
|
/* header much larger than in reality with default load_end */
|
|
.int 0x80000000
|
|
.int 0x100000
|
|
.int 0
|
|
.int data_end
|
|
.int _start
|
|
#elif SCENARIO == 8
|
|
/* bss_end < load_end - load (regression test for CVE-2018-7550) */
|
|
.int 0x100000
|
|
.int 0x100000
|
|
.int data_end
|
|
.int code_end
|
|
.int _start
|
|
#elif SCENARIO == 9
|
|
/* Default load_end_addr, load_addr + kernel_file_size > UINT32_MAX */
|
|
.int 0xfffff000
|
|
.int 0xfffff000
|
|
.int 0
|
|
.int 0xfffff001
|
|
.int _start
|
|
#else
|
|
#error Invalid SCENARIO
|
|
#endif
|
|
|
|
.section .text
|
|
.global _start
|
|
_start:
|
|
xor %eax, %eax
|
|
|
|
cmpb $LAST_BYTE_VALUE, last_byte
|
|
je passed
|
|
or $0x1, %eax
|
|
passed:
|
|
|
|
/* Test device exit */
|
|
outl %eax, $0xf4
|
|
|
|
cli
|
|
hlt
|
|
jmp .
|
|
code_end:
|
|
|
|
#if SCENARIO != 8
|
|
.space 8192
|
|
#endif
|
|
|
|
last_byte:
|
|
.byte 0xa5
|
|
data_end:
|