[romprefix] Do not clobber stack segment when returning to BIOS

Commit c429bf0 ("[romprefix] Store boot bus:dev.fn address as autoboot
device location") introduced a regression by using register %cx to
temporarily hold the PCI bus:dev.fn address, despite the fact that %cx
was already being used to hold the stored BIOS stack segment.
Consequently, when returning to the BIOS after a failed or cancelled
boot attempt, iPXE would end up calling INT 18 with the stack segment
set equal to the PCI bus:dev.fn address.  Writing to essentially
random areas of memory tends to upset even the more robust BIOSes.

Fix by using register %ax to temporarily hold the PCI bus:dev.fn
address.

Reported-by: Anton D. Kachalov <mouse@yandex-team.ru>
Tested-by: Anton D. Kachalov <mouse@yandex-team.ru>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/arch/i386/prefix/romprefix.S b/src/arch/i386/prefix/romprefix.S
index d606006e89ade2d3244ed5c4580c67ae9541ef0f..69f35f78c5ae4bfb241fdb19a426ae789898f2bc 100644 (file)
--- a/src/arch/i386/prefix/romprefix.S
+++ b/src/arch/i386/prefix/romprefix.S
@@ -740,13 +740,13 @@ exec:     /* Set %ds = %cs */
        .section ".text16", "awx", @progbits
 1:
        /* Retrieve PCI bus:dev.fn */
-       movw    init_pci_busdevfn, %cx
+       movw    init_pci_busdevfn, %ax
 
        /* Set up %ds for access to .data16 */
        movw    %bx, %ds
 
        /* Store PCI bus:dev.fn */
-       movw    %cx, autoboot_busdevfn
+       movw    %ax, autoboot_busdevfn
 
        /* Call main() */
        pushl   $main