Re: [GIT PULL] x86 setup: correct booting on 486 (revised)

["H. Peter Anvin" <hpa@zytor.com>]

Linus Torvalds wrote:
> 
> On Sun, 4 Nov 2007, H. Peter Anvin wrote:
>> H. Peter Anvin (2):
>>       x86 setup: add a near jump to serialize %cr0 on 386/486
>>       x86 setup: set %ebx == %ebp == %edi == 0 on protected mode entry
> 
> Ok, I'm obviously happier, but I have to admit that the original code was 
> safer than the new code. It did both the short jump and the far jump 
> before reloading any segments.
> 
> So I suspect the new code _works_ fine, but it's simply not as 
> fundamentally safe as the old code was.
> 
> The old code did do some instructions in between the short jump and the 
> far jump, but they were all the kind of instructions that didn't care 
> about the PE bit: there was a _read_ of the segment descriptor value, but 
> that's mode-independent (it's only the writes that matter), and the other 
> instructions were bog-standard integer instructions.
> 
> So I would actually prefer some additional safety, with something like 
> the appended..
> 
> This is TOTALLY UNTESTED! I checked with objdump that the result looks 
> roughly ok, but I didn't really think through the segment base address in 
> that long jump thing. Do we have the difference between flat mode and the 
> 16-bit bootup mode in some better way?
> 
> Hmm?
> 

Well, we *could* do a 16-bit PM segment (and do two far jumps), but that 
seems rather silly.  We'd have to patch the GDT for the base in that 
case, anyway.

This is more or less the same code I had for the first version of the 
patch, modulo moving the short jump of course.  I do like making the 
32-bit code a separate function, but it really should be "movl %ecx,..." 
in the 32-bit code.

I have to admit I agree with Eric that this is probably overkill, but 
hey, there is nothing like a bit of overkill to make sure something is 
really and truly dead.

Cooking up a tree now.

	-hpa