Check that EBDA pointer is in valid memory

If the memory at 0x40e is uninitialized, the retrieved physical_memory address of EBDA may be beyond the low memory (i.e. above 640K). If so, the kernel may unintentionally access the VGA memory, that might not be decoded or even present in case of virtualization. Signed-off-by: Vit Kabele <vit@kabele.me>
author: Vit Kabele <vit@kabele.me> 2022-02-11 14:01:55 +0200
committer: Vit Kabele <vit@kabele.me> 2022-05-03 14:37:08 +0200
commit: cc9e7763ceb2e2649fe3422130416d84a3c6854a (patch)
tree: 603e8cb04c87df79842fa51495c88ebd3acca531
parent: c6837a4aaeb4b7f6000307aacc04de99d1bae28c (diff)
download: acpica-cc9e7763ceb2e2649fe3422130416d84a3c6854a.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/source/components/tables/tbxfroot.c b/source/components/tables/tbxfroot.c
index bb90f6059..271c9424d 100644
--- a/source/components/tables/tbxfroot.c
+++ b/source/components/tables/tbxfroot.c
@@ -299,7 +299,12 @@ AcpiFindRootPointer (
 
     /* EBDA present? */
 
-    if (PhysicalAddress > 0x400)
+    /*
+     * Check that the EBDA pointer from memory is sane and does not point
+     * above valid low memory
+     */
+    if (PhysicalAddress > 0x400 &&
+        PhysicalAddress < 0xA0000)
     {
         /*
          * 1b) Search EBDA paragraphs (EBDA is required to be a
author	Vit Kabele <vit@kabele.me>	2022-02-11 14:01:55 +0200
committer	Vit Kabele <vit@kabele.me>	2022-05-03 14:37:08 +0200
commit	cc9e7763ceb2e2649fe3422130416d84a3c6854a (patch)
tree	603e8cb04c87df79842fa51495c88ebd3acca531
parent	c6837a4aaeb4b7f6000307aacc04de99d1bae28c (diff)
download	acpica-cc9e7763ceb2e2649fe3422130416d84a3c6854a.tar.gz