From: Vit Kabele <vit@kabele.me>
To: platform-driver-x86@kernel.org
Cc: vit@kabele.me, r.marek@assembler.cz, devel@acpica.org,
mingo@redhat.com, robert.moore@intel.com,
linux-kernel@kernel.org, linux-acpi@vger.kernel.org
Subject: [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB
Date: Thu, 17 Mar 2022 15:04:37 +0100 [thread overview]
Message-ID: <YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz> (raw)
In-Reply-To: <cover.1647525033.git.vit@kabele.me>
The ACPICA code assumes that EBDA region must be at least 1KiB in size.
Because this is not guaranteed, it might happen that while scanning the
memory for RSDP pointer, the kernel touches memory above 640KiB.
This is unwanted as the VGA memory range may not be decoded or
even present when running under virtualization.
Signed-off-by: Vit Kabele <vit@kabele.me>
Reviewed-by: Rudolf Marek <r.marek@assembler.cz>
---
drivers/acpi/acpica/tbxfroot.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c
index 67b7df1c0520..b1f4a91044d9 100644
--- a/drivers/acpi/acpica/tbxfroot.c
+++ b/drivers/acpi/acpica/tbxfroot.c
@@ -114,6 +114,7 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
u8 *table_ptr;
u8 *mem_rover;
u32 physical_address;
+ u32 ebda_window_size;
ACPI_FUNCTION_TRACE(acpi_find_root_pointer);
@@ -143,25 +144,32 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
*/
if (physical_address > 0x400 &&
physical_address < 0xA0000) {
+ /* Calculate the scan window size
+ * The EBDA is not guaranteed to be larger than a KiB
+ * and in case that it is smaller the scanning function would
+ * leave the low memory and continue to the VGA range.
+ */
+ ebda_window_size = ACPI_MIN(ACPI_EBDA_WINDOW_SIZE,
+ 0xA0000 - physical_address);
+
/*
- * 1b) Search EBDA paragraphs (EBDA is required to be a
- * minimum of 1K length)
+ * 1b) Search EBDA paragraphs
*/
table_ptr = acpi_os_map_memory((acpi_physical_address)
physical_address,
- ACPI_EBDA_WINDOW_SIZE);
+ ebda_window_size);
if (!table_ptr) {
ACPI_ERROR((AE_INFO,
"Could not map memory at 0x%8.8X for length %u",
- physical_address, ACPI_EBDA_WINDOW_SIZE));
+ physical_address, ebda_window_size));
return_ACPI_STATUS(AE_NO_MEMORY);
}
mem_rover =
acpi_tb_scan_memory_for_rsdp(table_ptr,
- ACPI_EBDA_WINDOW_SIZE);
- acpi_os_unmap_memory(table_ptr, ACPI_EBDA_WINDOW_SIZE);
+ ebda_window_size);
+ acpi_os_unmap_memory(table_ptr, ebda_window_size);
if (mem_rover) {
--
2.30.2
WARNING: multiple messages have this Message-ID (diff)
From: Vit Kabele <vit at kabele.me>
To: devel@acpica.org
Subject: [Devel] [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB
Date: Thu, 17 Mar 2022 15:04:37 +0100 [thread overview]
Message-ID: <YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz> (raw)
In-Reply-To: cover.1647525033.git.vit@kabele.me
[-- Attachment #1: Type: text/plain, Size: 2293 bytes --]
The ACPICA code assumes that EBDA region must be at least 1KiB in size.
Because this is not guaranteed, it might happen that while scanning the
memory for RSDP pointer, the kernel touches memory above 640KiB.
This is unwanted as the VGA memory range may not be decoded or
even present when running under virtualization.
Signed-off-by: Vit Kabele <vit(a)kabele.me>
Reviewed-by: Rudolf Marek <r.marek(a)assembler.cz>
---
drivers/acpi/acpica/tbxfroot.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c
index 67b7df1c0520..b1f4a91044d9 100644
--- a/drivers/acpi/acpica/tbxfroot.c
+++ b/drivers/acpi/acpica/tbxfroot.c
@@ -114,6 +114,7 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
u8 *table_ptr;
u8 *mem_rover;
u32 physical_address;
+ u32 ebda_window_size;
ACPI_FUNCTION_TRACE(acpi_find_root_pointer);
@@ -143,25 +144,32 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
*/
if (physical_address > 0x400 &&
physical_address < 0xA0000) {
+ /* Calculate the scan window size
+ * The EBDA is not guaranteed to be larger than a KiB
+ * and in case that it is smaller the scanning function would
+ * leave the low memory and continue to the VGA range.
+ */
+ ebda_window_size = ACPI_MIN(ACPI_EBDA_WINDOW_SIZE,
+ 0xA0000 - physical_address);
+
/*
- * 1b) Search EBDA paragraphs (EBDA is required to be a
- * minimum of 1K length)
+ * 1b) Search EBDA paragraphs
*/
table_ptr = acpi_os_map_memory((acpi_physical_address)
physical_address,
- ACPI_EBDA_WINDOW_SIZE);
+ ebda_window_size);
if (!table_ptr) {
ACPI_ERROR((AE_INFO,
"Could not map memory at 0x%8.8X for length %u",
- physical_address, ACPI_EBDA_WINDOW_SIZE));
+ physical_address, ebda_window_size));
return_ACPI_STATUS(AE_NO_MEMORY);
}
mem_rover =
acpi_tb_scan_memory_for_rsdp(table_ptr,
- ACPI_EBDA_WINDOW_SIZE);
- acpi_os_unmap_memory(table_ptr, ACPI_EBDA_WINDOW_SIZE);
+ ebda_window_size);
+ acpi_os_unmap_memory(table_ptr, ebda_window_size);
if (mem_rover) {
--
2.30.2
next prev parent reply other threads:[~2022-03-17 14:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <cover.1647525033.git.vit@kabele.me>
2022-03-17 14:03 ` [PATCH 1/3] platform/x86: Check validity of EBDA pointer in mpparse.c Vit Kabele
2022-03-17 14:03 ` [Devel] " Vit Kabele
2022-04-05 13:11 ` Rafael J. Wysocki
2022-04-05 13:11 ` [Devel] " Rafael J. Wysocki
2022-04-08 8:46 ` [PATCH v2] arch/x86: " Vit Kabele
2022-05-03 17:36 ` Borislav Petkov
2022-05-16 9:43 ` Vit Kabele
2022-05-17 19:21 ` Borislav Petkov
2022-07-21 15:38 ` Vit Kabele
2022-03-17 14:04 ` [PATCH 2/3] acpica: Check that the EBDA pointer is in valid range Vit Kabele
2022-03-17 14:04 ` [Devel] " Vit Kabele
2022-04-05 13:14 ` Rafael J. Wysocki
2022-04-05 13:14 ` [Devel] " Rafael J. Wysocki
2022-03-17 14:04 ` Vit Kabele [this message]
2022-03-17 14:04 ` [Devel] [PATCH 3/3] acpica: Do not touch VGA memory when EBDA < 1KiB Vit Kabele
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YjM/9UrYVIKs/LOl@czspare1-lap.sysgo.cz \
--to=vit@kabele.me \
--cc=devel@acpica.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@kernel.org \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@kernel.org \
--cc=r.marek@assembler.cz \
--cc=robert.moore@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.