authorAlexander Bluhm <bluhm@cvs.openbsd.org>2015-06-23 14:19:22 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2015-06-23 14:19:22 +0000
commit4ae20a456d7c9753cdff72419c8d367d99a1bb83 (patch)
tree1b0c47b4f09a6cff880b1f4f7344a183cb30ae45
parent26a2dc20e579db06932b7ad95450e4a50ff60422 (diff)
If the kernel symbols fit completely into the 2 MB alignment hole
after the kernel bss but before the end of the image, the page tables were placed in the read-only mapping of that hole. When booting a small non-generic kernel, this caused a crash later, when the page tables were first written. Make sure that the page tables are created after both esym and _end. OK mlarkin@ deraadt@
-rw-r--r--sys/arch/amd64/amd64/locore.S9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index c264f9a2de1..c2e4d4f9508 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: locore.S,v 1.65 2015/05/18 19:59:27 guenther Exp $ */
+/* $OpenBSD: locore.S,v 1.66 2015/06/23 14:19:21 bluhm Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/*
@@ -264,6 +264,10 @@ start: movw $0x1234,0x472 # warm boot
movl 8(%esp),%eax
movl %eax, RELOC(bootdev)
+ /*
+ * Syms are placed after last load and bss of the kernel.
+ * XXX Boot ignores 2MB roundup of _end, so esyms can be < _end.
+ */
movl 16(%esp), %eax
testl %eax,%eax
jz 1f
@@ -423,6 +427,9 @@ cont:
testl %eax,%eax
jz 1f
subl $KERNBASE_LO,%eax /* XXX */
+ /* Page tables must be after symbols and after kernel image. */
+ cmpl %eax,%edi
+ jg 1f
movl %eax,%edi
1:
#endif
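Review bot: The new bound check `cmpl %eax,%edi` / `jg 1f` compares two physical addresses (both have had KERNBASE_LO subtracted) with a signed condition, so the unsigned family is the correct one: `ja 1f`. With the kernel loaded below 2 GB the two forms agree today, but a signed compare silently inverts if either value ever has bit 31 set, and using `ja` documents that these are addresses rather than signed integers. A short invariant comment would also help the next reader, since the register roles are not visible here; something like `/* %edi = max(end of image, esym), first free physical address for page tables */`, assuming that is what %edi holds on entry — it is set outside the hunk. The check only runs when esym is non-zero (the `jz 1f` above) and sits inside an `#ifdef` whose condition is outside the hunk, and the enclosing `cont:` code starts before it.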