linux/drivers
Rafael J. Wysocki 1a1c130ab7 ACPI: tables: x86: Reserve memory occupied by ACPI tables
The following problem has been reported by George Kennedy:

 Since commit 7fef431be9 ("mm/page_alloc: place pages to tail
 in __free_pages_core()") the following use after free occurs
 intermittently when ACPI tables are accessed.

 BUG: KASAN: use-after-free in ibft_init+0x134/0xc49
 Read of size 4 at addr ffff8880be453004 by task swapper/0/1
 CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1-7a7fd0d #1
 Call Trace:
  dump_stack+0xf6/0x158
  print_address_description.constprop.9+0x41/0x60
  kasan_report.cold.14+0x7b/0xd4
  __asan_report_load_n_noabort+0xf/0x20
  ibft_init+0x134/0xc49
  do_one_initcall+0xc4/0x3e0
  kernel_init_freeable+0x5af/0x66b
  kernel_init+0x16/0x1d0
  ret_from_fork+0x22/0x30

 ACPI tables mapped via kmap() do not have their mapped pages
 reserved and the pages can be "stolen" by the buddy allocator.

Apparently, on the affected system, the ACPI table in question is
not located in "reserved" memory, like ACPI NVS or ACPI Data, that
will not be used by the buddy allocator, so the memory occupied by
that table has to be explicitly reserved to prevent the buddy
allocator from using it.

In order to address this problem, rearrange the initialization of the
ACPI tables on x86 to locate the initial tables earlier and reserve
the memory occupied by them.

The other architectures using ACPI should not be affected by this
change.

Link: https://lore.kernel.org/linux-acpi/1614802160-29362-1-git-send-email-george.kennedy@oracle.com/
Reported-by: George Kennedy <george.kennedy@oracle.com>
Tested-by: George Kennedy <george.kennedy@oracle.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Mike Rapoport <rppt@linux.ibm.com>
Cc: 5.10+ <stable@vger.kernel.org> # 5.10+
2021-03-29 19:26:04 +02:00
accessibility Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
acpi ACPI: tables: x86: Reserve memory occupied by ACPI tables 2021-03-29 19:26:04 +02:00
amba
android
ata
atm module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
auxdisplay auxdisplay: Remove in_interrupt() usage. 2021-03-16 16:32:40 +01:00
base PM: runtime: Defer suspending suppliers 2021-03-22 15:21:38 +01:00
bcma
block module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
bluetooth module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
bus Fixes for omaps for v5.12-rc cycle 2021-03-18 23:52:27 +01:00
cdrom
char module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
clk clk: qcom: gcc-sc7180: Use floor ops for the correct sdcc1 clk 2021-03-13 13:00:05 -08:00
clocksource A small set of clockevent fixes which fell through the cracks 2021-02-22 14:11:36 -08:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-03-06 16:48:09 +00:00
cpufreq cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev 2021-03-08 16:20:07 +05:30
cpuidle
crypto vio: make remove callback return void 2021-03-02 22:41:23 +11:00
cxl cxl/mem: Fix potential memory leak 2021-02-22 14:44:39 -08:00
dax Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2021-02-15 17:02:04 +01:00
dio
dma dmaengine updates for v5.12-rc1 2021-02-23 15:05:10 -08:00
dma-buf dma-fence: allow signaling drivers to set fence timestamp 2021-02-24 21:05:28 +05:30
edac Merge branch 'edac-misc' into edac-updates-for-v5.12 2021-02-15 10:06:58 +01:00
eisa
extcon
firewire firewire: replace tricky statement by two simple ones 2021-02-09 12:16:20 +01:00
firmware Another couple of EFI fixes for v5.12-rc: 2021-03-19 14:23:46 +01:00
fpga
fsi
gnss
gpio gpiolib: Assign fwnode to parent's if no primary one provided 2021-03-16 10:18:08 +01:00
gpu Merge tag 'drm-msm-fixes-2021-02-25' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2021-03-26 13:04:17 +10:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2021-02-23 14:52:22 -08:00
hsi
hv mm/memory_hotplug: MEMHP_MERGE_RESOURCE -> MHP_MERGE_RESOURCE 2021-02-26 09:41:00 -08:00
hwmon Devicetree updates for v5.12: 2021-02-22 10:05:12 -08:00
hwspinlock hwspinlock: omap: Add support for K3 AM64x SoCs 2021-02-09 11:36:50 -06:00
hwtracing ARM updates for 5.12-rc1: 2021-02-22 14:27:07 -08:00
i2c i2c: exynos5: Preserve high speed master code 2021-02-26 11:47:42 +01:00
i3c I3C for 5.12 2021-02-22 09:52:55 -08:00
ide ide-5.11-2021-02-28 2021-02-28 15:48:25 -08:00
idle
iio First set of IIO and counter fixes for the 5.12 cycle 2021-03-15 16:34:39 +01:00
infiniband RDMA 5.12 second rc pull request 2021-03-25 11:23:35 -07:00
input module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
interconnect
iommu iommu/tegra-smmu: Make tegra_smmu_probe_device() to handle all IOMMU phandles 2021-03-18 11:31:12 +01:00
ipack ipack: Handle a driver without remove callback 2021-02-09 09:48:23 +01:00
irqchip irqchip/ingenic: Add support for the JZ4760 2021-03-09 08:45:17 +00:00
isdn isdn: capi: fix mismatched prototypes 2021-03-22 16:51:11 -07:00
leds leds: trigger/tty: Use led_set_brightness_sync() from workqueue 2021-03-10 09:27:56 +01:00
lightnvm lightnvm: pblk: Replace guid_copy() with export_guid()/import_guid() 2021-02-14 21:27:24 -07:00
macintosh
mailbox mailbox: arm_mhuv2: Skip calling kfree() with invalid pointer 2021-02-22 13:34:27 -06:00
mcb
md dm ioctl: fix out of bounds array access when no devices 2021-03-26 14:51:50 -04:00
media module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
memory Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
memstick
message
mfd mfd: intel_quark_i2c_gpio: Revert "Constify static struct resources" 2021-03-23 09:14:12 +00:00
misc Char/misc driver fixes for 5.12-rc3 2021-03-13 12:38:44 -08:00
mmc mmc: cqhci: Fix random crash when remove mmc module/card 2021-03-09 10:00:52 +01:00
most
mtd module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-24 18:16:04 -07:00
nfc Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
ntb NTB: Add support for EPF PCI Non-Transparent Bridge 2021-02-23 14:12:53 -06:00
nubus
nvdimm libnvdimm + device-dax for 5.12 2021-02-24 09:35:54 -08:00
nvme nvmet-tcp: fix kmap leak when data digest in use 2021-03-18 05:39:18 +01:00
nvmem
of Char/Misc driver patches for 5.12-rc1 2021-02-24 10:25:37 -08:00
opp opp: Don't drop extra references to OPPs accidentally 2021-03-12 09:26:52 +05:30
parisc
parport module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
pci powerpc fixes for 5.12 #4 2021-03-21 10:57:35 -07:00
pcmcia Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux 2021-02-26 13:54:43 -08:00
perf perf/arm_dmc620_pmu: Fix error return code in dmc620_pmu_device_probe() 2021-03-12 11:30:31 +00:00
phy phy: second round of phy fixes for v5.11 2021-02-10 10:39:23 +01:00
pinctrl RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
platform platform/x86: intel_pmc_core: Ignore GBE LTR on Tiger Lake platforms 2021-03-23 21:50:14 +01:00
pnp
power
powercap powercap/drivers/dtpm: Add the experimental label to the option description 2021-03-01 17:43:29 +01:00
pps
ps3
ptp ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation 2021-03-24 12:10:03 -07:00
pwm pwm: Changes for v5.12-rc1 2021-02-25 12:23:49 -08:00
rapidio
ras
regulator regulator: mt6315: Fix off-by-one for .n_voltages 2021-03-11 13:23:21 +00:00
remoteproc remoteproc: qcom: pas: Add SM8350 PAS remoteprocs 2021-02-11 12:52:18 -06:00
reset RISC-V Patches for the 5.12 Merge Window 2021-02-26 10:28:35 -08:00
rpmsg
rtc Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2021-02-27 08:07:12 -08:00
s390 module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
sbus module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
scsi SCSI fixes on 20210327 2021-03-28 11:34:47 -07:00
sh module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
siox
slimbus
soc Fixes for omaps for v5.12-rc cycle 2021-03-18 23:52:27 +01:00
soundwire ALSA: hda: move Intel SoundWire ACPI scan to dedicated module 2021-03-02 15:33:00 +01:00
spi spi: cadence: set cqspi to the driver_data field of struct device 2021-03-11 13:32:32 +00:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-02-12 12:26:46 +01:00
ssb
staging Staging/IIO driver fixes for 5.12-rc4 2021-03-21 11:54:04 -07:00
target scsi: target: pscsi: Clean up after failure in pscsi_map_sg() 2021-03-24 23:19:23 -04:00
tc
tee module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
thermal thermal/core: Add NULL pointer check before using cooling device stats 2021-03-17 09:55:58 +01:00
thunderbolt thunderbolt: Increase runtime PM reference count on DP tunnel discovery 2021-03-08 14:22:42 +03:00
tty module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
uio uio: uio_pci_generic: don't fail probe if pdev->irq equals to IRQ_NOTCONNECTED 2021-02-09 12:25:32 +01:00
usb USB / Thunderbolt driver fixes for 5.12-rc4 2021-03-21 11:49:16 -07:00
vdpa vdpa_sim: Skip typecasting from void* 2021-03-14 04:37:36 -04:00
vfio vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external() 2021-03-16 10:39:29 -06:00
vhost virtio: fixes, cleanups 2021-03-18 11:20:35 -07:00
video fbdev: atyfb: use LCD management functions for PPC_PMAC also 2021-03-11 11:11:32 +01:00
virt virt: acrn: Correct type casting of argument of copy_from_user() 2021-03-10 16:59:50 +01:00
virtio virtio: fixes, cleanups 2021-03-18 11:20:35 -07:00
visorbus
vlynq
vme vme: make remove callback return void 2021-02-09 12:15:07 +01:00
w1
watchdog module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
xen xen: branch for v5.12-rc5 2021-03-26 11:15:25 -07:00
zorro
Kconfig cxl/mem: Introduce a driver for CXL-2.0-Type-3 endpoints 2021-02-16 20:36:38 -08:00
Makefile Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00