Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-12 22:23:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
1a1c130ab7
linux/drivers/acpi
History
Rafael J. Wysocki 1a1c130ab7 ACPI: tables: x86: Reserve memory occupied by ACPI tables 
The following problem has been reported by George Kennedy:

 Since commit 7fef431be9 ("mm/page_alloc: place pages to tail
 in __free_pages_core()") the following use after free occurs
 intermittently when ACPI tables are accessed.

 BUG: KASAN: use-after-free in ibft_init+0x134/0xc49
 Read of size 4 at addr ffff8880be453004 by task swapper/0/1
 CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1-7a7fd0d #1
 Call Trace:
  dump_stack+0xf6/0x158
  print_address_description.constprop.9+0x41/0x60
  kasan_report.cold.14+0x7b/0xd4
  __asan_report_load_n_noabort+0xf/0x20
  ibft_init+0x134/0xc49
  do_one_initcall+0xc4/0x3e0
  kernel_init_freeable+0x5af/0x66b
  kernel_init+0x16/0x1d0
  ret_from_fork+0x22/0x30

 ACPI tables mapped via kmap() do not have their mapped pages
 reserved and the pages can be "stolen" by the buddy allocator.

Apparently, on the affected system, the ACPI table in question is
not located in "reserved" memory, like ACPI NVS or ACPI Data, that
will not be used by the buddy allocator, so the memory occupied by
that table has to be explicitly reserved to prevent the buddy
allocator from using it.

In order to address this problem, rearrange the initialization of the
ACPI tables on x86 to locate the initial tables earlier and reserve
the memory occupied by them.

The other architectures using ACPI should not be affected by this
change.

Link: https://lore.kernel.org/linux-acpi/1614802160-29362-1-git-send-email-george.kennedy@oracle.com/
Reported-by: George Kennedy <george.kennedy@oracle.com>
Tested-by: George Kennedy <george.kennedy@oracle.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Mike Rapoport <rppt@linux.ibm.com>
Cc: 5.10+ <stable@vger.kernel.org> # 5.10+
2021-03-29 19:26:04 +02:00
..
acpica ACPICA: Always create namespace nodes using acpi_ns_create_node() 2021-03-24 14:50:54 +01:00
apei ACPI: APEI: ERST: remove unneeded semicolon 2021-02-05 13:50:51 +01:00
arm64 ACPI/IORT: Do not blindly trust DMA masks from firmware 2021-01-27 12:26:24 +00:00
dptf ACPI: DPTF: Support Alder Lake 2020-11-10 18:52:51 +01:00
nfit ACPI: NFIT: Fix flexible_array.cocci warnings 2021-01-11 12:56:49 -08:00
numa ACPI updates for 5.10-rc1 2020-10-14 11:42:04 -07:00
pmic ACPI / PMIC: Move TPS68470 OpRegion driver to drivers/acpi/pmic/ 2020-09-15 19:40:59 +02:00
x86 ACPI: PM: s2idle: Drop unused local variables and related code 2021-01-07 17:41:28 +01:00
ac.c ACPI: AC: Clean up printing messages 2021-02-04 19:45:45 +01:00
acpi_adxl.c
acpi_amba.c Merge 5.2-rc6 into char-misc-next 2019-06-23 09:23:33 +02:00
acpi_apd.c ACPI: APD: Clean up header file include statements 2020-09-25 12:48:11 +02:00
acpi_cmos_rtc.c ACPI: cmos_rtc: Remove leftover ACPI_MODULE_NAME() 2020-09-25 18:25:51 +02:00
acpi_configfs.c ACPI: configfs: add missing check after configfs_register_default_group() 2021-01-22 16:35:34 +01:00
acpi_dbg.c ACPI: debug: Remove the not used function 2020-11-17 18:12:34 +01:00
acpi_extlog.c ACPI / extlog: Check for RDMSR failure 2020-10-02 19:01:55 +02:00
acpi_fpdt.c ACPI: tables: introduce support for FPDT table 2021-01-29 19:24:13 +01:00
acpi_ipmi.c
acpi_lpat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
acpi_lpit.c ACPI: LPIT: Put the low power idle table after using it 2020-05-09 11:29:16 +02:00
acpi_lpss.c drm next for 5.10-rc1 2020-10-15 10:46:16 -07:00
acpi_memhotplug.c mm/memory_hotplug: prepare passing flags to add_memory() and friends 2020-10-16 11:11:18 -07:00
acpi_pad.c ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros 2021-01-22 16:17:19 +01:00
acpi_platform.c ACPI: platform: Remove ACPI_MODULE_NAME() 2020-09-25 18:25:51 +02:00
acpi_pnp.c ACPI: PNP: compare the string length in the matching_id() 2020-12-15 19:30:49 +01:00
acpi_processor.c ACPI: processor: remove comment regarding string _UID support 2020-10-16 18:11:27 +02:00
acpi_tad.c ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros 2021-01-22 16:17:19 +01:00
acpi_video.c ACPI: video: Clean up printing messages 2021-02-04 19:45:46 +01:00
acpi_watchdog.c ACPI: watchdog: Replace open coded variant of resource_union() 2020-11-17 18:06:29 +01:00
battery.c ACPI: battery: Clean up printing messages 2021-02-04 19:45:45 +01:00
bgrt.c ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros 2021-01-22 16:17:19 +01:00
blacklist.c ACPI: blacklist: fix clang warning for unused DMI table 2019-07-11 22:45:00 +02:00
bus.c ACPI updates for 5.12-rc1 2021-02-20 21:50:59 -08:00
button.c ACPI: button: Clean up printing messages 2021-02-04 19:45:46 +01:00
container.c ACPI: container: Remove leftover ACPICA debug functionality 2020-09-25 18:25:51 +02:00
cppc_acpi.c ACPI: CPPC: initialise vaddr pointers to NULL 2021-01-22 16:28:19 +01:00
custom_method.c ACPI: custom_method: Remove dead ACPICA debug code 2020-09-25 18:25:51 +02:00
debugfs.c ACPI: debugfs: Remove dead ACPICA debug code 2020-09-25 18:25:51 +02:00
device_pm.c ACPI: PM: Clean up printing messages 2021-02-04 19:11:43 +01:00
device_sysfs.c Merge branches 'acpi-misc', 'acpi-cppc', 'acpi-docs', 'acpi-config' and 'acpi-apei' 2021-02-15 17:04:40 +01:00
dock.c ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros 2021-01-22 16:17:19 +01:00
ec_sys.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 482 2019-06-19 17:09:52 +02:00
ec.c ACPI: EC: Clean up status flags checks in advance_transaction() 2020-11-23 20:01:01 +01:00
event.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
evged.c ACPI: GED: fix -Wformat 2020-11-09 19:25:20 +01:00
fan.c ACPI: fan: Initialize performance state sysfs attribute 2020-11-16 15:18:38 +01:00
glue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
hed.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
internal.h ACPI: scan: Use unique number for instance_no 2021-03-22 17:45:53 +01:00
ioapic.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
irq.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-07-08 11:01:13 -07:00
Kconfig Merge branch 'acpi-tables' 2021-02-25 18:57:40 +01:00
Makefile Merge branch 'acpi-tables' 2021-02-25 18:57:40 +01:00
nvs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
osi.c ACPI: OSI: Shoot duplicate word 2019-11-13 11:12:08 +01:00
osl.c ACPI: OSL: Clean up printing messages 2021-02-10 19:09:43 +01:00
pci_irq.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
pci_link.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
pci_mcfg.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
pci_root.c PCI/ACPI: Clarify message about _OSC failure 2021-01-27 09:38:36 -06:00
pci_slot.c ACPI: PCI: Remove unused ACPICA debug code 2020-09-25 18:25:51 +02:00
platform_profile.c ACPI: platform: Add balanced-performance platform profile 2021-02-24 14:52:41 +01:00
power.c Merge branch 'acpi-messages' 2021-02-15 17:04:53 +01:00
pptt.c ACPI: PPTT: Consistently use unsigned int as parameter type 2020-01-07 11:46:36 +01:00
proc.c ACPI: proc: Remove dead ACPICA debug code 2020-09-25 18:25:51 +02:00
processor_core.c ACPI: processor: Remove dead ACPICA debug code 2020-09-25 18:25:51 +02:00
processor_driver.c cpufreq: Use per-policy frequency QoS 2019-10-21 02:05:21 +02:00
processor_idle.c ACPI: processor: Remove the duplicated ACPI_PROCESSOR_CLASS macro 2020-11-17 18:12:34 +01:00
processor_pdc.c
processor_perflib.c More power management updates for 5.11-rc1 2020-12-22 14:12:10 -08:00
processor_thermal.c ACPI: processor: Remove the duplicated ACPI_PROCESSOR_CLASS macro 2020-11-17 18:12:34 +01:00
processor_throttling.c ACPI: processor: Remove the duplicated ACPI_PROCESSOR_CLASS macro 2020-11-17 18:12:34 +01:00
property.c ACPI: property: Satisfy kernel doc validator (part 2) 2021-02-12 15:34:14 +01:00
reboot.c ACPI: reboot: Avoid racing after writing to ACPI RESET_REG 2020-10-16 18:04:52 +02:00
resource.c ACPI updates for 5.11-rc1 2020-12-15 16:39:06 -08:00
sbs.c ACPI: SBS: Simplify the code using module_acpi_driver() 2020-11-17 18:12:34 +01:00
sbshc.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
sbshc.h ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00
scan.c ACPI: scan: Use unique number for instance_no 2021-03-22 17:45:53 +01:00
sleep.c ACPI: PM: s2idle: Move x86-specific code to the x86 directory 2020-12-17 20:30:02 +01:00
sleep.h ACPI: PM: s2idle: Move x86-specific code to the x86 directory 2020-12-17 20:30:02 +01:00
spcr.c ACPI: Use fallthrough pseudo-keyword 2020-07-09 14:09:28 +02:00
sysfs.c ACPI: thermal: Clean up printing messages 2021-02-04 19:45:46 +01:00
tables.c ACPI: tables: x86: Reserve memory occupied by ACPI tables 2021-03-29 19:26:04 +02:00
thermal.c - Use the newly introduced 'hot' and 'critical' ops for the acpi 2021-02-22 09:39:11 -08:00
tiny-power-button.c ACPI: tiny-power-button: Simplify the code using module_acpi_driver() 2020-11-17 18:12:34 +01:00
utils.c media updates for v5.12-rc1 2021-02-21 14:10:36 -08:00
video_detect.c ACPI: video: Add missing callback back for Sony VPCEH3U1E 2021-03-19 17:42:41 +01:00
wakeup.c ACPI: Fix whitespace inconsistencies 2020-11-09 19:08:06 +01:00