Fix zealbooter memmap kernel header buffer-overflow.

Previously the zealbooter memmap e820 assignment loop used the entry count passed via limine without checking whether it exceeded MEM_E820_ENTRIES_NUM, the #define constant that limits how many entries are stored in the kernel header's e820 region. This commit bumps that constant from 48 to 64, and also adds a small check in zealbooter so that the entry count used in the memmap loop is capped at the constant.
This commit is contained in:
TomAwezome 2022-09-12 00:41:09 -04:00
parent ad20a7a710
commit 8297c769e6
3 changed files with 19 additions and 8 deletions


@ -427,7 +427,7 @@ class CSysLimitBase
}; };
#help_index "Memory/Info" #help_index "Memory/Info"
#define MEM_E820_ENTRIES_NUM 48 #define MEM_E820_ENTRIES_NUM 64
#define MEM_E820t_USABLE 1 #define MEM_E820t_USABLE 1
#define MEM_E820t_RESERVED 2 #define MEM_E820t_RESERVED 2
#define MEM_E820t_ACPI 3 #define MEM_E820t_ACPI 3
@ -4546,4 +4546,4 @@ class CProgress
#define PRINTF_NEG_E 0x400 #define PRINTF_NEG_E 0x400
#define PRINTF_NEG_AUX_FORMAT_NUM 0x800 #define PRINTF_NEG_AUX_FORMAT_NUM 0x800
#help_index "" #help_index ""
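Review bot: `#define MEM_E820_ENTRIES_NUM 64` is bumped here and again, independently, in the zealbooter header in the third file; nothing ties the two definitions together, so a later change to one side would silently reintroduce the size mismatch this commit fixes. A comment beside this define naming the other copy would make the coupling visible, e.g. `// Must match MEM_E820_ENTRIES_NUM in the zealbooter header.`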


@ -5,9 +5,6 @@ trampoline:
// Set new stack // Set new stack
mov %rdx, %rsp mov %rdx, %rsp
// hlt
// hlt
// Load GDTR // Load GDTR
lgdt (%rcx) lgdt (%rcx)


@ -44,7 +44,7 @@ struct CDate {
int32_t date; int32_t date;
} __attribute__((packed)); } __attribute__((packed));
#define MEM_E820_ENTRIES_NUM 48 #define MEM_E820_ENTRIES_NUM 64
#define MEM_E820T_USABLE 1 #define MEM_E820T_USABLE 1
#define MEM_E820T_RESERVED 2 #define MEM_E820T_RESERVED 2
@ -243,8 +243,22 @@ void _start(void) {
kernel->mem_physical_space = 0; kernel->mem_physical_space = 0;
size_t mem_count = 0;
if (memmap_request.response->entry_count > MEM_E820_ENTRIES_NUM)
{
mem_count = MEM_E820_ENTRIES_NUM;
// If limine hands us more regions than the constant, cap it off early instead of buffer overflowing into kernel headers.
// This won't guarantee we'll get lucky with framebuffer placement passed via limine.
// If the mem_count gets capped at the constant, the system should still boot fully (drive activity lights, reading compiler and code from disc, etc),
// just possibly with no visible framebuffer. :^)
}
else
{
mem_count = memmap_request.response->entry_count;
}
printf("memory map:\n"); printf("memory map:\n");
for (size_t i = 0; i < memmap_request.response->entry_count; i++) { for (size_t i = 0; i < mem_count; i++) {
struct limine_memmap_entry *entry = memmap_request.response->entries[i]; struct limine_memmap_entry *entry = memmap_request.response->entries[i];
int our_type; int our_type;
@ -293,7 +307,7 @@ void _start(void) {
} }
printf("\n"); printf("\n");
kernel->mem_E820[memmap_request.response->entry_count].type = 0; kernel->mem_E820[mem_count].type = 0;
kernel->mem_physical_space = align_up_u64(kernel->mem_physical_space, 0x200000); kernel->mem_physical_space = align_up_u64(kernel->mem_physical_space, 0x200000);
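Review bot: The cap leaves no room for the terminator written after the loop: with `mem_count = MEM_E820_ENTRIES_NUM`, the loop fills indices 0..63 and `kernel->mem_E820[mem_count].type = 0;` then writes index 64, which is one past the end if mem_E820 is declared with MEM_E820_ENTRIES_NUM elements (the declaration is not in this diff, so please confirm). The else branch has the same problem when entry_count equals the constant exactly, because the test is `>` rather than `>=`. Reserving the last slot for the terminator covers both cases: `if (memmap_request.response->entry_count >= MEM_E820_ENTRIES_NUM)` and `mem_count = MEM_E820_ENTRIES_NUM - 1;`. A short comment on the terminator line, such as `// terminating entry; mem_count never exceeds MEM_E820_ENTRIES_NUM - 1`, would make the invariant visible. `_start` begins and ends outside these hunks.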