From: Vit Kabele <vit@kabele.me> To: platform-driver-x86@kernel.org Cc: vit@kabele.me, r.marek@assembler.cz, devel@acpica.org, mingo@redhat.com, robert.moore@intel.com, linux-kernel@kernel.org, linux-acpi@vger.kernel.org Subject: [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Date: Thu, 17 Mar 2022 15:04:37 +0100 [thread overview] Message-ID: <YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz> (raw) In-Reply-To: <cover.1647525033.git.vit@kabele.me> The ACPICA code assumes that EBDA region must be at least 1KiB in size. Because this is not guaranteed, it might happen that while scanning the memory for RSDP pointer, the kernel touches memory above 640KiB. This is unwanted as the VGA memory range may not be decoded or even present when running under virtualization. Signed-off-by: Vit Kabele <vit@kabele.me> Reviewed-by: Rudolf Marek <r.marek@assembler.cz> --- drivers/acpi/acpica/tbxfroot.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c index 67b7df1c0520..b1f4a91044d9 100644 --- a/drivers/acpi/acpica/tbxfroot.c +++ b/drivers/acpi/acpica/tbxfroot.c @@ -114,6 +114,7 @@ acpi_find_root_pointer(acpi_physical_address *table_address) u8 *table_ptr; u8 *mem_rover; u32 physical_address; + u32 ebda_window_size; ACPI_FUNCTION_TRACE(acpi_find_root_pointer); @@ -143,25 +144,32 @@ acpi_find_root_pointer(acpi_physical_address *table_address) */ if (physical_address > 0x400 && physical_address < 0xA0000) { + /* Calculate the scan window size + * The EBDA is not guaranteed to be larger than a KiB + * and in case that it is smaller the scanning function would + * leave the low memory and continue to the VGA range. + */ + ebda_window_size = ACPI_MIN(ACPI_EBDA_WINDOW_SIZE, + 0xA0000 - physical_address); + /* - * 1b) Search EBDA paragraphs (EBDA is required to be a - * minimum of 1K length) + * 1b) Search EBDA paragraphs */ table_ptr = acpi_os_map_memory((acpi_physical_address) physical_address, - ACPI_EBDA_WINDOW_SIZE); + ebda_window_size); if (!table_ptr) { ACPI_ERROR((AE_INFO, "Could not map memory at 0x%8.8X for length %u", - physical_address, ACPI_EBDA_WINDOW_SIZE)); + physical_address, ebda_window_size)); return_ACPI_STATUS(AE_NO_MEMORY); } mem_rover = acpi_tb_scan_memory_for_rsdp(table_ptr, - ACPI_EBDA_WINDOW_SIZE); - acpi_os_unmap_memory(table_ptr, ACPI_EBDA_WINDOW_SIZE); + ebda_window_size); + acpi_os_unmap_memory(table_ptr, ebda_window_size); if (mem_rover) { -- 2.30.2
WARNING: multiple messages have this Message-ID (diff)
From: Vit Kabele <vit at kabele.me> To: devel@acpica.org Subject: [Devel] [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Date: Thu, 17 Mar 2022 15:04:37 +0100 [thread overview] Message-ID: <YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz> (raw) In-Reply-To: cover.1647525033.git.vit@kabele.me [-- Attachment #1: Type: text/plain, Size: 2293 bytes --] The ACPICA code assumes that EBDA region must be at least 1KiB in size. Because this is not guaranteed, it might happen that while scanning the memory for RSDP pointer, the kernel touches memory above 640KiB. This is unwanted as the VGA memory range may not be decoded or even present when running under virtualization. Signed-off-by: Vit Kabele <vit(a)kabele.me> Reviewed-by: Rudolf Marek <r.marek(a)assembler.cz> --- drivers/acpi/acpica/tbxfroot.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c index 67b7df1c0520..b1f4a91044d9 100644 --- a/drivers/acpi/acpica/tbxfroot.c +++ b/drivers/acpi/acpica/tbxfroot.c @@ -114,6 +114,7 @@ acpi_find_root_pointer(acpi_physical_address *table_address) u8 *table_ptr; u8 *mem_rover; u32 physical_address; + u32 ebda_window_size; ACPI_FUNCTION_TRACE(acpi_find_root_pointer); @@ -143,25 +144,32 @@ acpi_find_root_pointer(acpi_physical_address *table_address) */ if (physical_address > 0x400 && physical_address < 0xA0000) { + /* Calculate the scan window size + * The EBDA is not guaranteed to be larger than a KiB + * and in case that it is smaller the scanning function would + * leave the low memory and continue to the VGA range. + */ + ebda_window_size = ACPI_MIN(ACPI_EBDA_WINDOW_SIZE, + 0xA0000 - physical_address); + /* - * 1b) Search EBDA paragraphs (EBDA is required to be a - * minimum of 1K length) + * 1b) Search EBDA paragraphs */ table_ptr = acpi_os_map_memory((acpi_physical_address) physical_address, - ACPI_EBDA_WINDOW_SIZE); + ebda_window_size); if (!table_ptr) { ACPI_ERROR((AE_INFO, "Could not map memory at 0x%8.8X for length %u", - physical_address, ACPI_EBDA_WINDOW_SIZE)); + physical_address, ebda_window_size)); return_ACPI_STATUS(AE_NO_MEMORY); } mem_rover = acpi_tb_scan_memory_for_rsdp(table_ptr, - ACPI_EBDA_WINDOW_SIZE); - acpi_os_unmap_memory(table_ptr, ACPI_EBDA_WINDOW_SIZE); + ebda_window_size); + acpi_os_unmap_memory(table_ptr, ebda_window_size); if (mem_rover) { -- 2.30.2
next prev parent reply other threads:[~2022-03-17 14:12 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top [not found] <cover.1647525033.git.vit@kabele.me> 2022-03-17 14:03 ` [PATCH 1/3] platform/x86: Check validity of EBDA pointer in mpparse.c Vit Kabele 2022-03-17 14:03 ` [Devel] " Vit Kabele 2022-04-05 13:11 ` Rafael J. Wysocki 2022-04-05 13:11 ` [Devel] " Rafael J. Wysocki 2022-04-08 8:46 ` [PATCH v2] arch/x86: " Vit Kabele 2022-05-03 17:36 ` Borislav Petkov 2022-05-16 9:43 ` Vit Kabele 2022-05-17 19:21 ` Borislav Petkov 2022-07-21 15:38 ` Vit Kabele 2022-03-17 14:04 ` [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Vit Kabele 2022-03-17 14:04 ` [Devel] " Vit Kabele 2022-04-05 13:14 ` Rafael J. Wysocki 2022-04-05 13:14 ` [Devel] " Rafael J. Wysocki 2022-03-17 14:04 ` Vit Kabele [this message] 2022-03-17 14:04 ` [Devel] [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Vit Kabele
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz \ --to=vit@kabele.me \ --cc=devel@acpica.org \ --cc=linux-acpi@vger.kernel.org \ --cc=linux-kernel@kernel.org \ --cc=mingo@redhat.com \ --cc=platform-driver-x86@kernel.org \ --cc=r.marek@assembler.cz \ --cc=robert.moore@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.