[03/11] ACPICA: Check that EBDA pointer is in valid memory

Message ID 10171725.nUPlyArG6x@kreacher
State New
Headers
Series ACPICA: Upstream changes since ACPICA 20220331 |

Commit Message

Rafael J. Wysocki Oct. 27, 2022, 5:50 p.m. UTC
  From: Vit Kabele <vit@kabele.me>

ACPICA commit cc9e7763ceb2e2649fe3422130416d84a3c6854a

If the memory at 0x40e is uninitialized, the retrieved physical_memory
address of EBDA may be beyond the low memory (i.e. above 640K).

If so, the kernel may unintentionally access the VGA memory, that
might not be decoded or even present in case of virtualization.

Link: https://github.com/acpica/acpica/commit/cc9e7763
Signed-off-by: Vit Kabele <vit@kabele.me>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---
 drivers/acpi/acpica/tbxfroot.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
  

Patch

Index: linux-pm/drivers/acpi/acpica/tbxfroot.c
===================================================================
--- linux-pm.orig/drivers/acpi/acpica/tbxfroot.c
+++ linux-pm/drivers/acpi/acpica/tbxfroot.c
@@ -139,7 +139,11 @@  acpi_find_root_pointer(acpi_physical_add
 
 	/* EBDA present? */
 
-	if (physical_address > 0x400) {
+	/*
+	 * Check that the EBDA pointer from memory is sane and does not point
+	 * above valid low memory
+	 */
+	if (physical_address > 0x400 && physical_address < 0xA0000) {
 		/*
 		 * 1b) Search EBDA paragraphs (EBDA is required to be a
 		 *     minimum of 1K length)