From: "Rafael J. Wysocki" <rafael@kernel.org>
To: platform-driver-x86@kernel.org, r.marek@assembler.cz,
"open list:ACPI COMPONENT ARCHITECTURE (ACPICA)"
<devel@acpica.org>, Ingo Molnar <mingo@redhat.com>,
Robert Moore <robert.moore@intel.com>,
linux-kernel@kernel.org,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>
Cc: vit@kabele.me
Subject: Re: [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range
Date: Tue, 5 Apr 2022 15:14:27 +0200 [thread overview]
Message-ID: <CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com> (raw)
In-Reply-To: <YjM/6rqxZN19en2I@czspare1-lap.sysgo.cz>
On Thu, Mar 17, 2022 at 3:12 PM Vit Kabele <vit@kabele.me> wrote:
>
> If the memory at 0x40e is uninitialized, the retrieved physical_memory
> address of EBDA may be beyond the low memory (i.e. above 640K).
>
> If so, the kernel may unintentionally access the VGA memory, that
> might not be decoded or even present in case of virtualization.
>
> Signed-off-by: Vit Kabele <vit@kabele.me>
> Reviewed-by: Rudolf Marek <r.marek@assembler.cz>
> ---
> drivers/acpi/acpica/tbxfroot.c | 7 +++++--
Changes in the ACPICA code need to be submitted to the upstream ACPICA
project via https://github.com/acpica/acpica and they are pulled from
there into the kernel.
Of course, this applies to the next patch in the series too.
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c
> index 9fec3df6c3ba..67b7df1c0520 100644
> --- a/drivers/acpi/acpica/tbxfroot.c
> +++ b/drivers/acpi/acpica/tbxfroot.c
> @@ -138,8 +138,11 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
> acpi_os_unmap_memory(table_ptr, ACPI_EBDA_PTR_LENGTH);
>
> /* EBDA present? */
> -
> - if (physical_address > 0x400) {
> + /* Check that the EBDA pointer from 0x40e is sane and does not point
> + * above valid low memory
> + */
> + if (physical_address > 0x400 &&
> + physical_address < 0xA0000) {
> /*
> * 1b) Search EBDA paragraphs (EBDA is required to be a
> * minimum of 1K length)
> --
> 2.30.2
>
WARNING: multiple messages have this Message-ID (diff)
From: Rafael J. Wysocki <rafael at kernel.org>
To: devel@acpica.org
Subject: [Devel] Re: [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range
Date: Tue, 05 Apr 2022 15:14:27 +0200 [thread overview]
Message-ID: <CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com> (raw)
In-Reply-To: YjM/6rqxZN19en2I@czspare1-lap.sysgo.cz
[-- Attachment #1: Type: text/plain, Size: 1618 bytes --]
On Thu, Mar 17, 2022 at 3:12 PM Vit Kabele <vit(a)kabele.me> wrote:
>
> If the memory at 0x40e is uninitialized, the retrieved physical_memory
> address of EBDA may be beyond the low memory (i.e. above 640K).
>
> If so, the kernel may unintentionally access the VGA memory, that
> might not be decoded or even present in case of virtualization.
>
> Signed-off-by: Vit Kabele <vit(a)kabele.me>
> Reviewed-by: Rudolf Marek <r.marek(a)assembler.cz>
> ---
> drivers/acpi/acpica/tbxfroot.c | 7 +++++--
Changes in the ACPICA code need to be submitted to the upstream ACPICA
project via https://github.com/acpica/acpica and they are pulled from
there into the kernel.
Of course, this applies to the next patch in the series too.
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c
> index 9fec3df6c3ba..67b7df1c0520 100644
> --- a/drivers/acpi/acpica/tbxfroot.c
> +++ b/drivers/acpi/acpica/tbxfroot.c
> @@ -138,8 +138,11 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
> acpi_os_unmap_memory(table_ptr, ACPI_EBDA_PTR_LENGTH);
>
> /* EBDA present? */
> -
> - if (physical_address > 0x400) {
> + /* Check that the EBDA pointer from 0x40e is sane and does not point
> + * above valid low memory
> + */
> + if (physical_address > 0x400 &&
> + physical_address < 0xA0000) {
> /*
> * 1b) Search EBDA paragraphs (EBDA is required to be a
> * minimum of 1K length)
> --
> 2.30.2
>
next prev parent reply other threads:[~2022-04-05 14:44 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1647525033.git.vit@kabele.me>
2022-03-17 14:03 ` [PATCH 1/3] platform/x86: Check validity of EBDA pointer in mpparse.c Vit Kabele
2022-03-17 14:03 ` [Devel] " Vit Kabele
2022-04-05 13:11 ` Rafael J. Wysocki
2022-04-05 13:11 ` [Devel] " Rafael J. Wysocki
2022-04-08 8:46 ` [PATCH v2] arch/x86: " Vit Kabele
2022-05-03 17:36 ` Borislav Petkov
2022-05-16 9:43 ` Vit Kabele
2022-05-17 19:21 ` Borislav Petkov
2022-07-21 15:38 ` Vit Kabele
2022-03-17 14:04 ` [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Vit Kabele
2022-03-17 14:04 ` [Devel] " Vit Kabele
2022-04-05 13:14 ` Rafael J. Wysocki [this message]
2022-04-05 13:14 ` [Devel] " Rafael J. Wysocki
2022-03-17 14:04 ` [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Vit Kabele
2022-03-17 14:04 ` [Devel] " Vit Kabele
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJZ5v0iSCrU3AeEaTxVkbma_0Wi9LPPRiP_NbmuAgDOeDS9c0g@mail.gmail.com \
--to=rafael@kernel.org \
--cc=devel@acpica.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@kernel.org \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@kernel.org \
--cc=r.marek@assembler.cz \
--cc=robert.moore@intel.com \
--cc=vit@kabele.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.