git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Ard Biesheuvel <ardb@kernel.org>
	Fri, 26 Jun 2020 15:58:31 +0000 (17:58 +0200)
committer	Catalin Marinas <catalin.marinas@arm.com>
	Tue, 14 Jul 2020 17:02:03 +0000 (18:02 +0100)
commit	1583052d111f8ea43f9954c5e749164fd2b954af
tree	29648a1747f4bc705f5e139656a1c7bc3fd7e64e	tree \| snapshot
parent	9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68	commit \| diff

arm64/acpi: disallow AML memory opregions to access kernel memory

AML uses SystemMemory opregions to allow AML handlers to access MMIO
registers of, e.g., GPIO controllers, or access reserved regions of
memory that are owned by the firmware.

Currently, we also allow AML access to memory that is owned by the
kernel and mapped via the linear region, which does not seem to be
supported by a valid use case, and exposes the kernel's internal
state to AML methods that may be buggy and exploitable.

On arm64, ACPI support requires booting in EFI mode, and so we can cross
reference the requested region against the EFI memory map, rather than
just do a minimal check on the first page. So let's only permit regions
to be remapped by the ACPI core if
- they don't appear in the EFI memory map at all (which is the case for
most MMIO), or
- they are covered by a single region in the EFI memory map, which is not
of a type that describes memory that is given to the kernel at boot.

Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Link: https://lore.kernel.org/r/20200626155832.2323789-2-ardb@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

arch/arm64/include/asm/acpi.h		diff \| blob \| history
arch/arm64/kernel/acpi.c		diff \| blob \| history