From: "Rafael J. Wysocki" <rafael@kernel.org> To: platform-driver-x86@kernel.org, r.marek@assembler.cz, "open list:ACPI COMPONENT ARCHITECTURE (ACPICA)" <devel@acpica.org>, Ingo Molnar <mingo@redhat.com>, Robert Moore <robert.moore@intel.com>, linux-kernel@kernel.org, ACPI Devel Maling List <linux-acpi@vger.kernel.org> Cc: vit@kabele.me Subject: Re: [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Date: Tue, 5 Apr 2022 15:14:27 +0200 [thread overview] Message-ID: <CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com> (raw) In-Reply-To: <YjM/6rqxZN19en2I@czspare1-lap.sysgo.cz> On Thu, Mar 17, 2022 at 3:12 PM Vit Kabele <vit@kabele.me> wrote: > > If the memory at 0x40e is uninitialized, the retrieved physical_memory > address of EBDA may be beyond the low memory (i.e. above 640K). > > If so, the kernel may unintentionally access the VGA memory, that > might not be decoded or even present in case of virtualization. > > Signed-off-by: Vit Kabele <vit@kabele.me> > Reviewed-by: Rudolf Marek <r.marek@assembler.cz> > --- > drivers/acpi/acpica/tbxfroot.c | 7 +++++-- Changes in the ACPICA code need to be submitted to the upstream ACPICA project via https://github.com/acpica/acpica and they are pulled from there into the kernel. Of course, this applies to the next patch in the series too. > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c > index 9fec3df6c3ba..67b7df1c0520 100644 > --- a/drivers/acpi/acpica/tbxfroot.c > +++ b/drivers/acpi/acpica/tbxfroot.c > @@ -138,8 +138,11 @@ acpi_find_root_pointer(acpi_physical_address *table_address) > acpi_os_unmap_memory(table_ptr, ACPI_EBDA_PTR_LENGTH); > > /* EBDA present? */ > - > - if (physical_address > 0x400) { > + /* Check that the EBDA pointer from 0x40e is sane and does not point > + * above valid low memory > + */ > + if (physical_address > 0x400 && > + physical_address < 0xA0000) { > /* > * 1b) Search EBDA paragraphs (EBDA is required to be a > * minimum of 1K length) > -- > 2.30.2 >
WARNING: multiple messages have this Message-ID (diff)
From: Rafael J. Wysocki <rafael at kernel.org> To: devel@acpica.org Subject: [Devel] Re: [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Date: Tue, 05 Apr 2022 15:14:27 +0200 [thread overview] Message-ID: <CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com> (raw) In-Reply-To: YjM/6rqxZN19en2I@czspare1-lap.sysgo.cz [-- Attachment #1: Type: text/plain, Size: 1618 bytes --] On Thu, Mar 17, 2022 at 3:12 PM Vit Kabele <vit(a)kabele.me> wrote: > > If the memory at 0x40e is uninitialized, the retrieved physical_memory > address of EBDA may be beyond the low memory (i.e. above 640K). > > If so, the kernel may unintentionally access the VGA memory, that > might not be decoded or even present in case of virtualization. > > Signed-off-by: Vit Kabele <vit(a)kabele.me> > Reviewed-by: Rudolf Marek <r.marek(a)assembler.cz> > --- > drivers/acpi/acpica/tbxfroot.c | 7 +++++-- Changes in the ACPICA code need to be submitted to the upstream ACPICA project via https://github.com/acpica/acpica and they are pulled from there into the kernel. Of course, this applies to the next patch in the series too. > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c > index 9fec3df6c3ba..67b7df1c0520 100644 > --- a/drivers/acpi/acpica/tbxfroot.c > +++ b/drivers/acpi/acpica/tbxfroot.c > @@ -138,8 +138,11 @@ acpi_find_root_pointer(acpi_physical_address *table_address) > acpi_os_unmap_memory(table_ptr, ACPI_EBDA_PTR_LENGTH); > > /* EBDA present? */ > - > - if (physical_address > 0x400) { > + /* Check that the EBDA pointer from 0x40e is sane and does not point > + * above valid low memory > + */ > + if (physical_address > 0x400 && > + physical_address < 0xA0000) { > /* > * 1b) Search EBDA paragraphs (EBDA is required to be a > * minimum of 1K length) > -- > 2.30.2 >
next prev parent reply other threads:[~2022-04-05 14:44 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <cover.1647525033.git.vit@kabele.me> 2022-03-17 14:03 ` [PATCH 1/3] platform/x86: Check validity of EBDA pointer in mpparse.c Vit Kabele 2022-03-17 14:03 ` [Devel] " Vit Kabele 2022-04-05 13:11 ` Rafael J. Wysocki 2022-04-05 13:11 ` [Devel] " Rafael J. Wysocki 2022-04-08 8:46 ` [PATCH v2] arch/x86: " Vit Kabele 2022-05-03 17:36 ` Borislav Petkov 2022-05-16 9:43 ` Vit Kabele 2022-05-17 19:21 ` Borislav Petkov 2022-07-21 15:38 ` Vit Kabele 2022-03-17 14:04 ` [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Vit Kabele 2022-03-17 14:04 ` [Devel] " Vit Kabele 2022-04-05 13:14 ` Rafael J. Wysocki [this message] 2022-04-05 13:14 ` [Devel] " Rafael J. Wysocki 2022-03-17 14:04 ` [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Vit Kabele 2022-03-17 14:04 ` [Devel] " Vit Kabele
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com \ --to=rafael@kernel.org \ --cc=devel@acpica.org \ --cc=linux-acpi@vger.kernel.org \ --cc=linux-kernel@kernel.org \ --cc=mingo@redhat.com \ --cc=platform-driver-x86@kernel.org \ --cc=r.marek@assembler.cz \ --cc=robert.moore@intel.com \ --cc=vit@kabele.me \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.