[ipxe-devel] memory corruption with embedded script as initrd
Till Straumann
strauman at slac.stanford.edu
Wed Feb 8 01:24:09 UTC 2012
Hi.
Thanks for iPXE.
I built a lkrn image of ipxe-f6840ba (head as of 2/1/2012)
which I boot via grub-legacy.
When I used a script ('embedded' via the initrd method)
then I observed hangs or crashes.
I tracked this down to memory corruption due to the following:
arch/i386/core/runtime.c
allocates and registers an image for the embedded script
from 'initrd_init()' which is an 'init_fn'.
Since the data area for this image is allocated via
umalloc() the heap 'lazy-init' kicks in at this point.
(arch/i386/interface/pcbios/memtop_umalloc.c)
However, this seems too early since now the entire (bios-reported)
memory which includes everything used/occupied by ipxe itself
is used by the heap.
It seems to me that umalloc() can only safely
be called after 'hide_etherboot()' (arch/i386/firmware/pcbios/hidemem.c)
has constrained the reported memory to exclude the areas
used by iPXE. Note that 'hide_etherboot()' is a 'startup_fn'
and as such is only called *after* all 'init_fn's (and thus
'initrd_init()').
Once I converted 'initrd_init()' from an 'init_fn' to a
__startup_fn( STARTUP_NORMAL ) everything worked fine.
However, I'm not sure if my fix is the recommended solution
since I'm not acquainted well enough with the code.
Please CC me on any replies - I'm obviously not subscribed.
Regards
- Till
Attachment: runtime.c.diff (text/x-patch, 1483 bytes)
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20120207/726e0bbe/attachment.bin>
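The ordering problem described in the report, reduced to a small model as an added example; this is not iPXE's code, and the memory layout, the downward-growing lazily initialised heap and the two phase functions are simplifying assumptions made here to show why an allocation made in the init_fn phase overlaps the region that hide_etherboot() later excludes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed memory map (assumption, not iPXE's real layout). */
#define BIOS_MEM_TOP 0x10000000UL /* 256 MiB as reported by the BIOS */
#define IPXE_START   0x0FF00000UL /* region occupied by the iPXE image */
#define IPXE_END     0x10000000UL

static unsigned long mem_top;     /* memory top currently visible to the heap */
static unsigned long heap_top;    /* 0 means the heap is not initialised yet */
static unsigned long heap_bottom;

/* Models hide_etherboot() (a startup_fn): stop reporting iPXE's own region. */
void hide_etherboot(void) { mem_top = IPXE_START; }

/* Models umalloc()'s lazy init (assumed): on first use the heap is sized
 * from whatever memory top is reported at that moment and grows downward. */
unsigned long umalloc(size_t len) {
    if (heap_top == 0) { heap_top = mem_top; heap_bottom = mem_top; }
    heap_bottom -= len;
    return heap_bottom;
}

/* 1 if [start, start+len) intersects the iPXE image region. */
int overlaps_ipxe(unsigned long start, size_t len) {
    return start < IPXE_END && start + len > IPXE_START;
}

/* Run the boot phases; initrd_as_startup_fn selects whether the embedded
 * script is allocated in the init_fn phase (0) or after hide_etherboot() (1).
 * Returns 1 if the script buffer landed on top of iPXE itself. */
int run_boot(int initrd_as_startup_fn) {
    mem_top = BIOS_MEM_TOP; heap_top = heap_bottom = 0;
    unsigned long script = 0;
    if (!initrd_as_startup_fn) script = umalloc(4096); /* init_fn phase */
    hide_etherboot();                                  /* startup phase */
    if (initrd_as_startup_fn) script = umalloc(4096);  /* STARTUP_NORMAL */
    return overlaps_ipxe(script, 4096);
}

int main(void) {
    printf("initrd_init as init_fn    -> overlap=%d\n", run_boot(0));
    printf("initrd_init as startup_fn -> overlap=%d\n", run_boot(1));
    return 0;
}
```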