From patchwork Thu Oct 27 17:50:06 2022
X-Patchwork-Submitter: "Rafael J. Wysocki"
X-Patchwork-Id: 11903
From: "Rafael J. Wysocki"
To: Linux ACPI
Cc: LKML, Bob Moore
Subject: [PATCH 03/11] ACPICA: Check that EBDA pointer is in valid memory
Date: Thu, 27 Oct 2022 19:50:06 +0200
Message-ID: <10171725.nUPlyArG6x@kreacher>
In-Reply-To: <4756726.GXAFRqVoOG@kreacher>
References: <4756726.GXAFRqVoOG@kreacher>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Vit Kabele ACPICA commit cc9e7763ceb2e2649fe3422130416d84a3c6854a If the memory at 0x40e is uninitialized, the retrieved physical_memory address of EBDA may be beyond the low memory (i.e. above 640K). If so, the kernel may unintentionally access the VGA memory, that might not be decoded or even present in case of virtualization. Link: https://github.com/acpica/acpica/commit/cc9e7763 Signed-off-by: Vit Kabele Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki --- drivers/acpi/acpica/tbxfroot.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: linux-pm/drivers/acpi/acpica/tbxfroot.c =================================================================== --- linux-pm.orig/drivers/acpi/acpica/tbxfroot.c +++ linux-pm/drivers/acpi/acpica/tbxfroot.c @@ -139,7 +139,11 @@ acpi_find_root_pointer(acpi_physical_add /* EBDA present? */ - if (physical_address > 0x400) { + /* + * Check that the EBDA pointer from memory is sane and does not point + * above valid low memory + */ + if (physical_address > 0x400 && physical_address < 0xA0000) { /* * 1b) Search EBDA paragraphs (EBDA is required to be a * minimum of 1K length)
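
Review bot: The new condition `physical_address > 0x400 && physical_address < 0xA0000` bounds only the start of the EBDA, while the comment directly below it says the search covers EBDA paragraphs with a minimum length of 1K. If the scan that follows covers that 1K, a pointer that passes the test but lies less than 1K below 0xA0000 still lets the search run into the VGA range the commit message wants to avoid. Consider bounding the end of the scan as well, either by requiring the pointer plus the search length to stay at or below 0xA0000, or by clamping the scan length to 0xA0000 - physical_address. Named constants in place of the bare 0x400 and 0xA0000 would also make the two limits self-documenting.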