Date: Mon, 21 Jan 2008 00:47:30 +0100
From: Robert Millan
To: The development of GRUB 2
Message-ID: <20080120234730.GA24779@thorin>
References: <20080116230529.GA28677@thorin> <20080117122130.GB2399@thorin>
Subject: Re: nested functions used by multiboot2 loader corrupt stack

On Thu, Jan 17, 2008 at 11:47:50PM +0800, Bean wrote:
>
> Embedded function used %ecx to store the pointer to its parent's
> stack. However, the program is compiled using option -mregparm=3,
> which means it can use up to 3 registers to pass parameters. In
> grub_elf32_load_segment, there are three parameters elf, phdr and hook,
> which will take up %eax, %edx and %ecx. The value of %ecx, hook, will
> be overwritten. Using NESTED_FUNC_ATTR ensures that only the first two
> parameters will be passed using registers.
>
> This problem can occur when the following conditions are true:
>
> 1, Use embedded function as callback.
> 2, The embedded function uses local variables in its parent's stack.
> 3, The embedded function has at least three parameters.

Thanks for the explanation, I think I got the idea now.

I reviewed all GRUB code for other instances of this bug, and only found the
equivalent 64-bit versions of the functions you fixed to be affected.

Just committed a fix based on your patch (plus the 64-bit ones).

-- 
Robert Millan

I know my rights; I want my phone call!
What use is a phone call… if you are unable to speak?
(as seen on /.)
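
The pattern that meets all three conditions in the quoted explanation, shown with the attribute applied, as an added example that is not GRUB's code and not part of the original message. It needs GCC (nested functions are a GNU C extension); the definition of `NESTED_FUNC_ATTR` as `regparm(2)` on i386 is an assumption modelled on the description above, and `seg`, `sample`, `seg_iterate` and `load_span` are hypothetical names.

```c
/* Added example: GNU C nested function used as a three-argument callback.
   NESTED_FUNC_ATTR is defined here by assumption; it is not GRUB's header. */
#include <stddef.h>
#include <stdio.h>
#if defined(__i386__)
/* At most two arguments in registers: %ecx stays free for the static chain. */
# define NESTED_FUNC_ATTR __attribute__ ((__regparm__ (2)))
#else
# define NESTED_FUNC_ATTR /* other targets: expands to nothing */
#endif

struct seg { unsigned long addr, size; }; /* hypothetical program header */
static const struct seg sample[] =        /* constructed sample input */
  { { 0x100000, 0x2000 }, { 0x104000, 0x1000 }, { 0x0f0000, 0x800 } };

typedef int NESTED_FUNC_ATTR (*seg_cb) (const struct seg *table,
                                        const struct seg *s, void *hook);

static int seg_iterate (const struct seg *table, size_t n, seg_cb cb, void *hook)
{
  for (size_t i = 0; i < n; i++)
    if (cb (table, &table[i], hook))
      return 1;
  return 0;
}

/* Returns highest end minus lowest start; counts callbacks through hook_hits. */
unsigned long load_span (const struct seg *table, size_t n, int *hook_hits)
{
  unsigned long base = (unsigned long) -1, end = 0; /* parent's locals */
  int NESTED_FUNC_ATTR load_segment (const struct seg *t, const struct seg *s,
                                     void *hook)
  {
    (void) t;
    if (s->addr < base) base = s->addr;          /* reached via static chain */
    if (s->addr + s->size > end) end = s->addr + s->size;
    if (hook) ++*(int *) hook;                   /* third argument */
    return 0;
  }
  seg_iterate (table, n, load_segment, hook_hits);
  return end - base;
}

int main (void)
{
  int hits = 0;
  unsigned long span = load_span (sample, 3, &hits);
  return printf ("span=%#lx hits=%d\n", span, hits) < 0;
}
```

The attribute only takes effect on an i386 build (for instance `-m32 -mregparm=3`); the callback pointer type carries the same attribute so caller and callee agree on where the third argument lives.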