acpi/acpica/hwvalid.c

0001 // SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0
0002 /******************************************************************************
0003  *
0004  * Module Name: hwvalid - I/O request validation
0005  *
0006  * Copyright (C) 2000 - 2022, Intel Corp.
0007  *
0008  *****************************************************************************/
0009
0010 #include <acpi/acpi.h>
0011 #include "accommon.h"
0012
0013 #define _COMPONENT          ACPI_HARDWARE
0014 ACPI_MODULE_NAME("hwvalid")
0015
0016 /* Local prototypes */
0017 static acpi_status
0018 acpi_hw_validate_io_request(acpi_io_address address, u32 bit_width);
0019
0020 /*
0021  * Protected I/O ports. Some ports are always illegal, and some are
0022  * conditionally illegal. This table must remain ordered by port address.
0023  *
0024  * The table is used to implement the Microsoft port access rules that
0025  * first appeared in Windows XP. Some ports are always illegal, and some
0026  * ports are only illegal if the BIOS calls _OSI with a win_XP string or
0027  * later (meaning that the BIOS itelf is post-XP.)
0028  *
0029  * This provides ACPICA with the desired port protections and
0030  * Microsoft compatibility.
0031  *
0032  * Description of port entries:
0033  *  DMA:   DMA controller
0034  *  PIC0:  Programmable Interrupt Controller (8259A)
0035  *  PIT1:  System Timer 1
0036  *  PIT2:  System Timer 2 failsafe
0037  *  RTC:   Real-time clock
0038  *  CMOS:  Extended CMOS
0039  *  DMA1:  DMA 1 page registers
0040  *  DMA1L: DMA 1 Ch 0 low page
0041  *  DMA2:  DMA 2 page registers
0042  *  DMA2L: DMA 2 low page refresh
0043  *  ARBC:  Arbitration control
0044  *  SETUP: Reserved system board setup
0045  *  POS:   POS channel select
0046  *  PIC1:  Cascaded PIC
0047  *  IDMA:  ISA DMA
0048  *  ELCR:  PIC edge/level registers
0049  *  PCI:   PCI configuration space
0050  */
0051 static const struct acpi_port_info acpi_protected_ports[] = {
0052     {"DMA", 0x0000, 0x000F, ACPI_OSI_WIN_XP},
0053     {"PIC0", 0x0020, 0x0021, ACPI_ALWAYS_ILLEGAL},
0054     {"PIT1", 0x0040, 0x0043, ACPI_OSI_WIN_XP},
0055     {"PIT2", 0x0048, 0x004B, ACPI_OSI_WIN_XP},
0056     {"RTC", 0x0070, 0x0071, ACPI_OSI_WIN_XP},
0057     {"CMOS", 0x0074, 0x0076, ACPI_OSI_WIN_XP},
0058     {"DMA1", 0x0081, 0x0083, ACPI_OSI_WIN_XP},
0059     {"DMA1L", 0x0087, 0x0087, ACPI_OSI_WIN_XP},
0060     {"DMA2", 0x0089, 0x008B, ACPI_OSI_WIN_XP},
0061     {"DMA2L", 0x008F, 0x008F, ACPI_OSI_WIN_XP},
0062     {"ARBC", 0x0090, 0x0091, ACPI_OSI_WIN_XP},
0063     {"SETUP", 0x0093, 0x0094, ACPI_OSI_WIN_XP},
0064     {"POS", 0x0096, 0x0097, ACPI_OSI_WIN_XP},
0065     {"PIC1", 0x00A0, 0x00A1, ACPI_ALWAYS_ILLEGAL},
0066     {"IDMA", 0x00C0, 0x00DF, ACPI_OSI_WIN_XP},
0067     {"ELCR", 0x04D0, 0x04D1, ACPI_ALWAYS_ILLEGAL},
0068     {"PCI", 0x0CF8, 0x0CFF, ACPI_OSI_WIN_XP}
0069 };
0070
0071 #define ACPI_PORT_INFO_ENTRIES      ACPI_ARRAY_LENGTH (acpi_protected_ports)
0072
0073 /******************************************************************************
0074  *
0075  * FUNCTION:    acpi_hw_validate_io_request
0076  *
0077  * PARAMETERS:  Address             Address of I/O port/register
0078  *              bit_width           Number of bits (8,16,32)
0079  *
0080  * RETURN:      Status
0081  *
0082  * DESCRIPTION: Validates an I/O request (address/length). Certain ports are
0083  *              always illegal and some ports are only illegal depending on
0084  *              the requests the BIOS AML code makes to the predefined
0085  *              _OSI method.
0086  *
0087  ******************************************************************************/
0088
0089 static acpi_status
0090 acpi_hw_validate_io_request(acpi_io_address address, u32 bit_width)
0091 {
0092     u32 i;
0093     u32 byte_width;
0094     acpi_io_address last_address;
0095     const struct acpi_port_info *port_info;
0096
0097     ACPI_FUNCTION_TRACE(hw_validate_io_request);
0098
0099     /* Supported widths are 8/16/32 */
0100
0101     if ((bit_width != 8) && (bit_width != 16) && (bit_width != 32)) {
0102         ACPI_ERROR((AE_INFO,
0103                 "Bad BitWidth parameter: %8.8X", bit_width));
0104         return_ACPI_STATUS(AE_BAD_PARAMETER);
0105     }
0106
0107     port_info = acpi_protected_ports;
0108     byte_width = ACPI_DIV_8(bit_width);
0109     last_address = address + byte_width - 1;
0110
0111     ACPI_DEBUG_PRINT((ACPI_DB_IO,
0112               "Address %8.8X%8.8X LastAddress %8.8X%8.8X Length %X",
0113               ACPI_FORMAT_UINT64(address),
0114               ACPI_FORMAT_UINT64(last_address), byte_width));
0115
0116     /* Maximum 16-bit address in I/O space */
0117
0118     if (last_address > ACPI_UINT16_MAX) {
0119         ACPI_ERROR((AE_INFO,
0120                 "Illegal I/O port address/length above 64K: %8.8X%8.8X/0x%X",
0121                 ACPI_FORMAT_UINT64(address), byte_width));
0122         return_ACPI_STATUS(AE_LIMIT);
0123     }
0124
0125     /* Exit if requested address is not within the protected port table */
0126
0127     if (address > acpi_protected_ports[ACPI_PORT_INFO_ENTRIES - 1].end) {
0128         return_ACPI_STATUS(AE_OK);
0129     }
0130
0131     /* Check request against the list of protected I/O ports */
0132
0133     for (i = 0; i < ACPI_PORT_INFO_ENTRIES; i++, port_info++) {
0134         /*
0135          * Check if the requested address range will write to a reserved
0136          * port. There are four cases to consider:
0137          *
0138          * 1) Address range is contained completely in the port address range
0139          * 2) Address range overlaps port range at the port range start
0140          * 3) Address range overlaps port range at the port range end
0141          * 4) Address range completely encompasses the port range
0142          */
0143         if ((address <= port_info->end)
0144             && (last_address >= port_info->start)) {
0145
0146             /* Port illegality may depend on the _OSI calls made by the BIOS */
0147
0148             if (acpi_gbl_osi_data >= port_info->osi_dependency) {
0149                 ACPI_DEBUG_PRINT((ACPI_DB_VALUES,
0150                           "Denied AML access to port 0x%8.8X%8.8X/%X (%s 0x%.4X-0x%.4X)\n",
0151                           ACPI_FORMAT_UINT64(address),
0152                           byte_width, port_info->name,
0153                           port_info->start,
0154                           port_info->end));
0155
0156                 return_ACPI_STATUS(AE_AML_ILLEGAL_ADDRESS);
0157             }
0158         }
0159
0160         /* Finished if address range ends before the end of this port */
0161
0162         if (last_address <= port_info->end) {
0163             break;
0164         }
0165     }
0166
0167     return_ACPI_STATUS(AE_OK);
0168 }
0169
0170 /******************************************************************************
0171  *
0172  * FUNCTION:    acpi_hw_read_port
0173  *
0174  * PARAMETERS:  Address             Address of I/O port/register to read
0175  *              Value               Where value (data) is returned
0176  *              Width               Number of bits
0177  *
0178  * RETURN:      Status and value read from port
0179  *
0180  * DESCRIPTION: Read data from an I/O port or register. This is a front-end
0181  *              to acpi_os_read_port that performs validation on both the port
0182  *              address and the length.
0183  *
0184  *****************************************************************************/
0185
0186 acpi_status acpi_hw_read_port(acpi_io_address address, u32 *value, u32 width)
0187 {
0188     acpi_status status;
0189     u32 one_byte;
0190     u32 i;
0191
0192     /* Truncate address to 16 bits if requested */
0193
0194     if (acpi_gbl_truncate_io_addresses) {
0195         address &= ACPI_UINT16_MAX;
0196     }
0197
0198     /* Validate the entire request and perform the I/O */
0199
0200     status = acpi_hw_validate_io_request(address, width);
0201     if (ACPI_SUCCESS(status)) {
0202         status = acpi_os_read_port(address, value, width);
0203         return (status);
0204     }
0205
0206     if (status != AE_AML_ILLEGAL_ADDRESS) {
0207         return (status);
0208     }
0209
0210     /*
0211      * There has been a protection violation within the request. Fall
0212      * back to byte granularity port I/O and ignore the failing bytes.
0213      * This provides compatibility with other ACPI implementations.
0214      */
0215     for (i = 0, *value = 0; i < width; i += 8) {
0216
0217         /* Validate and read one byte */
0218
0219         if (acpi_hw_validate_io_request(address, 8) == AE_OK) {
0220             status = acpi_os_read_port(address, &one_byte, 8);
0221             if (ACPI_FAILURE(status)) {
0222                 return (status);
0223             }
0224
0225             *value |= (one_byte << i);
0226         }
0227
0228         address++;
0229     }
0230
0231     return (AE_OK);
0232 }
0233
0234 /******************************************************************************
0235  *
0236  * FUNCTION:    acpi_hw_write_port
0237  *
0238  * PARAMETERS:  Address             Address of I/O port/register to write
0239  *              Value               Value to write
0240  *              Width               Number of bits
0241  *
0242  * RETURN:      Status
0243  *
0244  * DESCRIPTION: Write data to an I/O port or register. This is a front-end
0245  *              to acpi_os_write_port that performs validation on both the port
0246  *              address and the length.
0247  *
0248  *****************************************************************************/
0249
0250 acpi_status acpi_hw_write_port(acpi_io_address address, u32 value, u32 width)
0251 {
0252     acpi_status status;
0253     u32 i;
0254
0255     /* Truncate address to 16 bits if requested */
0256
0257     if (acpi_gbl_truncate_io_addresses) {
0258         address &= ACPI_UINT16_MAX;
0259     }
0260
0261     /* Validate the entire request and perform the I/O */
0262
0263     status = acpi_hw_validate_io_request(address, width);
0264     if (ACPI_SUCCESS(status)) {
0265         status = acpi_os_write_port(address, value, width);
0266         return (status);
0267     }
0268
0269     if (status != AE_AML_ILLEGAL_ADDRESS) {
0270         return (status);
0271     }
0272
0273     /*
0274      * There has been a protection violation within the request. Fall
0275      * back to byte granularity port I/O and ignore the failing bytes.
0276      * This provides compatibility with other ACPI implementations.
0277      */
0278     for (i = 0; i < width; i += 8) {
0279
0280         /* Validate and write one byte */
0281
0282         if (acpi_hw_validate_io_request(address, 8) == AE_OK) {
0283             status =
0284                 acpi_os_write_port(address, (value >> i) & 0xFF, 8);
0285             if (ACPI_FAILURE(status)) {
0286                 return (status);
0287             }
0288         }
0289
0290         address++;
0291     }
0292
0293     return (AE_OK);
0294 }
0295
0296 /******************************************************************************
0297  *
0298  * FUNCTION:    acpi_hw_validate_io_block
0299  *
0300  * PARAMETERS:  Address             Address of I/O port/register blobk
0301  *              bit_width           Number of bits (8,16,32) in each register
0302  *              count               Number of registers in the block
0303  *
0304  * RETURN:      Status
0305  *
0306  * DESCRIPTION: Validates a block of I/O ports/registers.
0307  *
0308  ******************************************************************************/
0309
0310 acpi_status acpi_hw_validate_io_block(u64 address, u32 bit_width, u32 count)
0311 {
0312     acpi_status status;
0313
0314     while (count--) {
0315         status = acpi_hw_validate_io_request((acpi_io_address)address,
0316                              bit_width);
0317         if (ACPI_FAILURE(status))
0318             return_ACPI_STATUS(status);
0319
0320         address += ACPI_DIV_8(bit_width);
0321     }
0322
0323     return_ACPI_STATUS(AE_OK);
0324 }