x86/boot: fix BIOS memory corruption on certain IBM systems

IBM System x3530 M4 BIOSes (including the latest available at the time of this
patch) will corrupt a byte at physical address 0x105ff1 to the value of 0x86
if %esp has the value 0x00080000 when issuing an `int $0x15 (ax=0xec00)` to
inform the system about our intended operating mode.

Xen gets unhappy when the bootloader has placed it's .text section in over
this specific region of RAM.

After dropping into 16bit mode, clear all 32 bits of %esp, and for the BIOS
call already documented to be affected by BIOS bugs clear all GPRs.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/boot/trampoline.S b/xen/arch/x86/boot/trampoline.S
index 827f41219d1a999157643e3e326f21e625c2c433..4f5f8d7f3d0b6e36e192fd8dc5f2469204f35340 100644 (file)
--- a/xen/arch/x86/boot/trampoline.S
+++ b/xen/arch/x86/boot/trampoline.S
@@ -143,7 +143,7 @@ trampoline_boot_cpu_entry:
         mov     %ax,%ss
 
         /* Initialise stack pointer and IDT, and enable irqs. */
-        xor     %sp,%sp
+        xor     %esp,%esp
         lidt    bootsym(rm_idt)
         sti
 
@@ -151,6 +151,11 @@ trampoline_boot_cpu_entry:
          * Declare that our target operating mode is long mode.
          * Initialise 32-bit registers since some buggy BIOSes depend on it.
          */
+        xor     %ecx,%ecx
+        xor     %edx,%edx
+        xor     %esi,%esi
+        xor     %edi,%edi
+        xor     %ebp,%ebp
         movl    $0xec00,%eax      # declare target operating mode
         movl    $0x0002,%ebx      # long mode
         int     $0x15