From 5600955bdd20d95d6509617457cfa9d0d7b464b7 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@etherboot.org>
Date: Fri, 17 Oct 2008 18:12:24 +0100
Subject: [PATCH] [romprefix] Sanity-check the runtime segment address for PCI
 3

Some PCI 3 BIOSes seem to provide a garbage value in %bx, which should
contain the runtime segment address.  Perform a basic sanity check: we
reject the segment if it is below the start of option ROM space.  If
the sanity check fails, we assume that the BIOS was not expecting us
to be a PCI 3 ROM, and we just leave our image in situ.
---
 src/arch/i386/prefix/romprefix.S | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S
index ca32a4419..3351494bd 100644
--- a/src/arch/i386/prefix/romprefix.S
+++ b/src/arch/i386/prefix/romprefix.S
@@ -205,7 +205,16 @@ init:
 	movb	%bl, %al
 	call	print_hex_byte
 	cmpb	$3, %bh
+	jb	1f
+	/* PCI >=3.0: leave %gs as-is if sane */
+	movw	%gs, %ax
+	cmpw	$0xc000, %ax
 	jae	2f
+	/* PCI 3.0 with insane %gs value: print error and ignore %gs */
+	movb	$'!', %al
+	call	print_character
+	movw	%gs, %ax
+	call	print_hex_word
 1:	/* PCI <3.0: set %gs (runtime segment) = %cs (init-time segment) */
 	pushw	%cs
 	popw	%gs