Leave protected-mode return address on PM stack when issuing a
real_call(), rather than moving it to the RM stack and back again. This allows the real-mode function to completely destroy the stack contents, provided that it manages to return to real_call().
This commit is contained in:
parent
2eeb7c4fe7
commit
a9369bb503
|
@ -455,28 +455,25 @@ prot_call:
|
||||||
.code32
|
.code32
|
||||||
.globl real_call
|
.globl real_call
|
||||||
real_call:
|
real_call:
|
||||||
/* Create register dump on PM stack */
|
/* Create register dump and function pointer copy on PM stack */
|
||||||
pushal
|
pushal
|
||||||
|
pushl RC_OFFSET_FUNCTION(%esp)
|
||||||
|
|
||||||
/* Switch to real mode and move register dump to RM stack */
|
/* Switch to real mode and move register dump to RM stack */
|
||||||
movl $RC_OFFSET_END, %ecx
|
movl $( RC_OFFSET_RETADDR + 4 /* function pointer copy */ ), %ecx
|
||||||
pushl $1f
|
pushl $1f
|
||||||
jmp prot_to_real
|
jmp prot_to_real
|
||||||
.section ".text16"
|
.section ".text16"
|
||||||
.code16
|
.code16
|
||||||
1:
|
1:
|
||||||
/* Construct call to real-mode function */
|
|
||||||
movw %sp, %bp
|
|
||||||
movw RC_OFFSET_FUNCTION(%bp), %ax
|
|
||||||
movw %ax, rc_function
|
|
||||||
|
|
||||||
/* Call real-mode function */
|
/* Call real-mode function */
|
||||||
|
popl rc_function
|
||||||
popal
|
popal
|
||||||
call *rc_function
|
call *rc_function
|
||||||
pushal
|
pushal
|
||||||
|
|
||||||
/* Switch to protected mode and move register dump back to PM stack */
|
/* Switch to protected mode and move register dump back to PM stack */
|
||||||
movl $RC_OFFSET_END, %ecx
|
movl $RC_OFFSET_RETADDR, %ecx
|
||||||
pushl $1f
|
pushl $1f
|
||||||
jmp real_to_prot
|
jmp real_to_prot
|
||||||
.section ".text"
|
.section ".text"
|
||||||
|
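Review bot: The new `popl rc_function` / `call *rc_function` pair in the `.code16` section pops a 4-byte slot but the near call appears to read only the low word of the vector, so any non-zero upper half of the function pointer copied from `RC_OFFSET_FUNCTION(%esp)` is silently discarded rather than rejected; if callers can only ever pass a 16-bit real-mode offset this is fine, but nothing in the hunk states it. I would document the invariant at the call site, e.g. `/* rc_function is 32 bits wide to match popl; the near call uses only the low word (offset) */`. The inline `+ 4 /* function pointer copy */` in the `%ecx` length is also a magic number that must stay equal to the size of the `pushl` above — a named constant next to the `RC_OFFSET_*` definitions (not visible here) would keep the two in sync. Note that the enclosing `real_call` body continues past the end of this hunk.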
@ -487,9 +484,11 @@ real_call:
|
||||||
ret
|
ret
|
||||||
|
|
||||||
|
|
||||||
/* Function vector, used because */
|
/* Function vector, used because "call xx(%sp)" is not a valid
|
||||||
|
* 16-bit expression.
|
||||||
|
*/
|
||||||
.section ".data16"
|
.section ".data16"
|
||||||
rc_function: .word 0
|
rc_function: .word 0, 0
|
||||||
|
|
||||||
/****************************************************************************
|
/****************************************************************************
|
||||||
* Stored real-mode and protected-mode stack pointers
|
* Stored real-mode and protected-mode stack pointers
|
||||||
|
|
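Review bot: The widened vector `rc_function: .word 0, 0` is explained only as a workaround for `call xx(%sp)` not being a valid 16-bit expression; the comment does not say why it is now two words, which is presumably to give `popl` a full 32-bit slot while only the first word is consumed by the near call in `real_call`. I would extend the comment with one sentence to that effect, e.g. `/* Two words: popl in real_call() writes 32 bits, the near call reads the low word only. */`, so a later reader does not shrink it back to one word and corrupt the following data. As a side note, the vector lives in writable `.data16` and is filled immediately before use, so there is no window in which a stale or nested value is called — worth stating explicitly given that `real_call` is not otherwise reentrancy-protected.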