These issues have low impact because precise circumstances are required to trigger one of them. The disk must be larger than 2 TiB and either:
- The primary GPT header is damaged.
- The freebsd-boot partition lies beyond the first 2 TiB of the disk and one of its sectors sits at an LBA where the upper 32 bits of the value change (i.e. the low 32 bits wrap around).
Errors and corrections follow:
* Lines 117 - 118
main.3a: decl (%si) # 0x0(%si) = last sec (0-31)
main.3a: subl $1, (%si) # 0x0(%si) = last sec (0-31)
sbbl $0, 4(%si)
-> decl touches only two 16-bit words (32 bits), but the LBA is a 64-bit value. Moreover, it decrements this 64-bit value without propagating a possible borrow into the upper 32 bits at 4(%si).
* Line 131
-> The counter for repe is %cx, not %cl. It works as is, but it is dangerous to keep it that way.
* Lines 153 - 154
next_boot: incl (%si) # Next LBA
next_boot: addl $1, (%si) # Next LBA
-> The inc instruction does not affect the carry flag, so the carry into the upper 32 bits of the LBA is lost.
* Lines 174 - 175
incl GPT_ADDR+GPT_PART_LBA # Next sector
addl $1, GPT_ADDR+GPT_PART_LBA
-> Same problem as before: inc does not set the carry flag.
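The carry problem described above, as an added example in C (not pmbr's code): each helper mirrors one of the instruction sequences quoted above, modelling the 64-bit LBA as the two 32-bit halves pmbr keeps at (%si) and 4(%si). It assumes that an adcl $0, 4(%si) follows the incl in the original source, which is why the lost carry flag matters.

```c
#include <stdint.h>
#include <stdbool.h>

/* A 64-bit LBA stored as two 32-bit halves, as pmbr keeps it in memory:
 * low dword at (%si), high dword at 4(%si). */
typedef struct { uint32_t lo, hi; } lba64;

uint64_t lba_to_u64(lba64 v) { return ((uint64_t)v.hi << 32) | v.lo; }

/* Original "incl (%si)" followed by "adcl $0, 4(%si)" (adcl assumed present):
 * inc does not update CF, so the high half never receives the carry. */
lba64 lba_inc_buggy(lba64 v) {
    uint32_t lo = v.lo + 1;   /* incl: wraps at 0xFFFFFFFF, CF untouched */
    bool cf = false;          /* adcl $0 therefore adds nothing */
    v.lo = lo;
    v.hi += cf;
    return v;
}

/* Corrected "addl $1, (%si)" followed by "adcl $0, 4(%si)":
 * addl sets CF on unsigned wrap, which adcl then folds into the high half. */
lba64 lba_inc_fixed(lba64 v) {
    uint32_t lo = v.lo + 1;
    bool cf = lo < v.lo;      /* unsigned overflow of the low dword */
    v.lo = lo;
    v.hi += cf;
    return v;
}

/* Original "decl (%si)": only the low dword is decremented, no borrow. */
lba64 lba_dec_buggy(lba64 v) {
    v.lo -= 1;
    return v;
}

/* Corrected "subl $1, (%si)" followed by "sbbl $0, 4(%si)":
 * subl sets CF (borrow) when the low dword underflows, sbbl applies it. */
lba64 lba_dec_fixed(lba64 v) {
    bool borrow = (v.lo == 0);
    v.lo -= 1;
    v.hi -= borrow;
    return v;
}
```

With 512-byte sectors, LBA 0xFFFFFFFF is the last sector of the first 2 TiB, so stepping from it to the next sector is exactly the case where the buggy increment wraps back to LBA 0.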
Created attachment 200996 (pmbr source code patched)
For your information, I compiled the code corrected as indicated above and installed it on a 12.0-RELEASE. It works.
However, I can't test the cases where the original pmbr would crash, as I don't have a disk > 2 TiB.