• Matt Fleming's avatar
    x86/efi: Check status field to validate BGRT header · 09503379
    Matt Fleming authored
    Madper reported seeing the following crash,
    
      BUG: unable to handle kernel paging request at ffffffffff340003
      IP: [<ffffffff81d85ba4>] efi_bgrt_init+0x9d/0x133
      Call Trace:
       [<ffffffff81d8525d>] efi_late_init+0x9/0xb
       [<ffffffff81d68f59>] start_kernel+0x436/0x450
       [<ffffffff81d6892c>] ? repair_env_string+0x5c/0x5c
       [<ffffffff81d68120>] ? early_idt_handlers+0x120/0x120
       [<ffffffff81d685de>] x86_64_start_reservations+0x2a/0x2c
       [<ffffffff81d6871e>] x86_64_start_kernel+0x13e/0x14d
    
    This is caused because the layout of the ACPI BGRT header on this system
    doesn't match the definition from the ACPI spec, and so we get a bogus
    physical address when dereferencing ->image_address in efi_bgrt_init().
    
    Luckily the status field in the BGRT header clearly marks it as invalid,
    so we can check that field and skip BGRT initialisation.
    Reported-by: default avatarMadper Xie <cxie@redhat.com>
    Suggested-by: default avatarToshi Kani <toshi.kani@hp.com>
    Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
    Cc: Matthew Garrett <mjg59@srcf.ucam.org>
    Cc: Josh Triplett <josh@joshtriplett.org>
    Signed-off-by: default avatarMatt Fleming <matt.fleming@intel.com>
    09503379
efi-bgrt.c 1.85 KB