ACPICA: Check that EBDA pointer is in valid memory

ACPICA commit cc9e7763ceb2e2649fe3422130416d84a3c6854a If the memory at 0x40e is uninitialized, the retrieved physical_memory address of EBDA may be beyond the low memory (i.e. above 640K). If so, the kernel may unintentionally access the VGA memory, that might not be decoded or even present in case of virtualization. Link: https://github.com/acpica/acpica/commit/cc9e7763 Signed-off-by: Vit Kabele <vit@kabele.me> Signed-off-by: Bob Moore <robert.moore@intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
author: Vit Kabele <vit@kabele.me> 2022-10-27 19:50:06 +0200
committer: Rafael J. Wysocki <rafael.j.wysocki@intel.com> 2022-10-28 17:28:22 +0200
commit: 4fe54f509304ea6cc80a40620cac860c57edf7f3 (patch)
tree: 409996fbd493532f49eb271f8582765d61582b2d /drivers/acpi
parent: 5c62d5aab8752e5ee7bfbe75ed6060db1c787f98 (diff)
download: linux-4fe54f509304ea6cc80a40620cac860c57edf7f3.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/acpi/acpica/tbxfroot.c b/drivers/acpi/acpica/tbxfroot.c
index 3d09e3f6bd43..ede2745838c8 100644
--- a/drivers/acpi/acpica/tbxfroot.c
+++ b/drivers/acpi/acpica/tbxfroot.c
@@ -139,7 +139,11 @@ acpi_find_root_pointer(acpi_physical_address *table_address)
 
 	/* EBDA present? */
 
-	if (physical_address > 0x400) {
+	/*
+	 * Check that the EBDA pointer from memory is sane and does not point
+	 * above valid low memory
+	 */
+	if (physical_address > 0x400 && physical_address < 0xA0000) {
 		/*
 		 * 1b) Search EBDA paragraphs (EBDA is required to be a
 		 *     minimum of 1K length)
author	Vit Kabele <vit@kabele.me>	2022-10-27 19:50:06 +0200
committer	Rafael J. Wysocki <rafael.j.wysocki@intel.com>	2022-10-28 17:28:22 +0200
commit	4fe54f509304ea6cc80a40620cac860c57edf7f3 (patch)
tree	409996fbd493532f49eb271f8582765d61582b2d /drivers/acpi
parent	5c62d5aab8752e5ee7bfbe75ed6060db1c787f98 (diff)
download	linux-4fe54f509304ea6cc80a40620cac860c57edf7f3.tar.bz2