[Qemu-devel] Stack corruption problem with SeaBIOS/gPXE under QEMU

[Naphtali Sprei]

Hi,
I've found a problem with the usage of SeaBIOS/gPXE in Qemu.
The scenario is when failing to boot from network and falling back to booting 
from hard-disk (-boot nc).
The cause of the problem is that both SeaBIOS and gPXE (in it's installation 
phase) uses same stack area, 0x7c00.
The gPXE code corrupts the SeaBIOS stack, so when gPXE returns to SeaBIOS chaos 
occurs.

Output: "qemu: fatal: Trying to execute code outside RAM or ROM at 
0x00000000eb300000"

A simple hack/patch (attached) solves this problem, but a proper patch expected 
from the SeaBIOS guys.

 Enjoy,

  Naphtali

Patch against current SeaBIOS git


Signed-off-by: Naphtali Sprei <address@hidden>
---
 src/arch/i386/prefix/pxeprefix.S |    2 +-
 src/arch/i386/prefix/romprefix.S |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/arch/i386/prefix/pxeprefix.S b/src/arch/i386/prefix/pxeprefix.S
index b541e4b..11dd45d 100644
--- a/src/arch/i386/prefix/pxeprefix.S
+++ b/src/arch/i386/prefix/pxeprefix.S
@@ -47,7 +47,7 @@ FILE_LICENCE ( GPL2_OR_LATER )
        /* Set up stack just below 0x7c00 */
        xorw    %ax, %ax
        movw    %ax, %ss
-       movl    $0x7c00, %esp
+       movl    $0x7a00, %esp
        /* Clear direction flag, for the sake of sanity */
        cld
        /* Print welcome message */
diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S
index cb474e8..93f3f17 100644
--- a/src/arch/i386/prefix/romprefix.S
+++ b/src/arch/i386/prefix/romprefix.S
@@ -587,7 +587,7 @@ exec:       /* Set %ds = %cs */
        /* Obtain a reasonably-sized temporary stack */
        xorw    %ax, %ax
        movw    %ax, %ss
-       movw    $0x7c00, %sp
+       movw    $0x7a00, %sp
 
        /* Install gPXE */
        movl    image_source, %esi
-- 
1.6.3.3