1 // SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0 2 /****************************************************************************** 3 * 4 * Module Name: hwvalid - I/O request validation 5 * 6 * Copyright (C) 2000 - 2019, Intel Corp. 7 * 8 *****************************************************************************/ 9 10 #include <acpi/acpi.h> 11 #include "accommon.h" 12 13 #define _COMPONENT ACPI_HARDWARE 14 ACPI_MODULE_NAME("hwvalid") 15 16 /* Local prototypes */ 17 static acpi_status 18 acpi_hw_validate_io_request(acpi_io_address address, u32 bit_width); 19 20 /* 21 * Protected I/O ports. Some ports are always illegal, and some are 22 * conditionally illegal. This table must remain ordered by port address. 23 * 24 * The table is used to implement the Microsoft port access rules that 25 * first appeared in Windows XP. Some ports are always illegal, and some 26 * ports are only illegal if the BIOS calls _OSI with a win_XP string or 27 * later (meaning that the BIOS itelf is post-XP.) 28 * 29 * This provides ACPICA with the desired port protections and 30 * Microsoft compatibility. 31 * 32 * Description of port entries: 33 * DMA: DMA controller 34 * PIC0: Programmable Interrupt Controller (8259A) 35 * PIT1: System Timer 1 36 * PIT2: System Timer 2 failsafe 37 * RTC: Real-time clock 38 * CMOS: Extended CMOS 39 * DMA1: DMA 1 page registers 40 * DMA1L: DMA 1 Ch 0 low page 41 * DMA2: DMA 2 page registers 42 * DMA2L: DMA 2 low page refresh 43 * ARBC: Arbitration control 44 * SETUP: Reserved system board setup 45 * POS: POS channel select 46 * PIC1: Cascaded PIC 47 * IDMA: ISA DMA 48 * ELCR: PIC edge/level registers 49 * PCI: PCI configuration space 50 */ 51 static const struct acpi_port_info acpi_protected_ports[] = { 52 {"DMA", 0x0000, 0x000F, ACPI_OSI_WIN_XP}, 53 {"PIC0", 0x0020, 0x0021, ACPI_ALWAYS_ILLEGAL}, 54 {"PIT1", 0x0040, 0x0043, ACPI_OSI_WIN_XP}, 55 {"PIT2", 0x0048, 0x004B, ACPI_OSI_WIN_XP}, 56 {"RTC", 0x0070, 0x0071, ACPI_OSI_WIN_XP}, 57 {"CMOS", 0x0074, 0x0076, ACPI_OSI_WIN_XP}, 58 {"DMA1", 0x0081, 0x0083, ACPI_OSI_WIN_XP}, 59 {"DMA1L", 0x0087, 0x0087, ACPI_OSI_WIN_XP}, 60 {"DMA2", 0x0089, 0x008B, ACPI_OSI_WIN_XP}, 61 {"DMA2L", 0x008F, 0x008F, ACPI_OSI_WIN_XP}, 62 {"ARBC", 0x0090, 0x0091, ACPI_OSI_WIN_XP}, 63 {"SETUP", 0x0093, 0x0094, ACPI_OSI_WIN_XP}, 64 {"POS", 0x0096, 0x0097, ACPI_OSI_WIN_XP}, 65 {"PIC1", 0x00A0, 0x00A1, ACPI_ALWAYS_ILLEGAL}, 66 {"IDMA", 0x00C0, 0x00DF, ACPI_OSI_WIN_XP}, 67 {"ELCR", 0x04D0, 0x04D1, ACPI_ALWAYS_ILLEGAL}, 68 {"PCI", 0x0CF8, 0x0CFF, ACPI_OSI_WIN_XP} 69 }; 70 71 #define ACPI_PORT_INFO_ENTRIES ACPI_ARRAY_LENGTH (acpi_protected_ports) 72 73 /****************************************************************************** 74 * 75 * FUNCTION: acpi_hw_validate_io_request 76 * 77 * PARAMETERS: Address Address of I/O port/register 78 * bit_width Number of bits (8,16,32) 79 * 80 * RETURN: Status 81 * 82 * DESCRIPTION: Validates an I/O request (address/length). Certain ports are 83 * always illegal and some ports are only illegal depending on 84 * the requests the BIOS AML code makes to the predefined 85 * _OSI method. 86 * 87 ******************************************************************************/ 88 89 static acpi_status 90 acpi_hw_validate_io_request(acpi_io_address address, u32 bit_width) 91 { 92 u32 i; 93 u32 byte_width; 94 acpi_io_address last_address; 95 const struct acpi_port_info *port_info; 96 97 ACPI_FUNCTION_TRACE(hw_validate_io_request); 98 99 /* Supported widths are 8/16/32 */ 100 101 if ((bit_width != 8) && (bit_width != 16) && (bit_width != 32)) { 102 ACPI_ERROR((AE_INFO, 103 "Bad BitWidth parameter: %8.8X", bit_width)); 104 return_ACPI_STATUS(AE_BAD_PARAMETER); 105 } 106 107 port_info = acpi_protected_ports; 108 byte_width = ACPI_DIV_8(bit_width); 109 last_address = address + byte_width - 1; 110 111 ACPI_DEBUG_PRINT((ACPI_DB_IO, 112 "Address %8.8X%8.8X LastAddress %8.8X%8.8X Length %X", 113 ACPI_FORMAT_UINT64(address), 114 ACPI_FORMAT_UINT64(last_address), byte_width)); 115 116 /* Maximum 16-bit address in I/O space */ 117 118 if (last_address > ACPI_UINT16_MAX) { 119 ACPI_ERROR((AE_INFO, 120 "Illegal I/O port address/length above 64K: %8.8X%8.8X/0x%X", 121 ACPI_FORMAT_UINT64(address), byte_width)); 122 return_ACPI_STATUS(AE_LIMIT); 123 } 124 125 /* Exit if requested address is not within the protected port table */ 126 127 if (address > acpi_protected_ports[ACPI_PORT_INFO_ENTRIES - 1].end) { 128 return_ACPI_STATUS(AE_OK); 129 } 130 131 /* Check request against the list of protected I/O ports */ 132 133 for (i = 0; i < ACPI_PORT_INFO_ENTRIES; i++, port_info++) { 134 /* 135 * Check if the requested address range will write to a reserved 136 * port. There are four cases to consider: 137 * 138 * 1) Address range is contained completely in the port address range 139 * 2) Address range overlaps port range at the port range start 140 * 3) Address range overlaps port range at the port range end 141 * 4) Address range completely encompasses the port range 142 */ 143 if ((address <= port_info->end) 144 && (last_address >= port_info->start)) { 145 146 /* Port illegality may depend on the _OSI calls made by the BIOS */ 147 148 if (acpi_gbl_osi_data >= port_info->osi_dependency) { 149 ACPI_DEBUG_PRINT((ACPI_DB_VALUES, 150 "Denied AML access to port 0x%8.8X%8.8X/%X (%s 0x%.4X-0x%.4X)\n", 151 ACPI_FORMAT_UINT64(address), 152 byte_width, port_info->name, 153 port_info->start, 154 port_info->end)); 155 156 return_ACPI_STATUS(AE_AML_ILLEGAL_ADDRESS); 157 } 158 } 159 160 /* Finished if address range ends before the end of this port */ 161 162 if (last_address <= port_info->end) { 163 break; 164 } 165 } 166 167 return_ACPI_STATUS(AE_OK); 168 } 169 170 /****************************************************************************** 171 * 172 * FUNCTION: acpi_hw_read_port 173 * 174 * PARAMETERS: Address Address of I/O port/register to read 175 * Value Where value (data) is returned 176 * Width Number of bits 177 * 178 * RETURN: Status and value read from port 179 * 180 * DESCRIPTION: Read data from an I/O port or register. This is a front-end 181 * to acpi_os_read_port that performs validation on both the port 182 * address and the length. 183 * 184 *****************************************************************************/ 185 186 acpi_status acpi_hw_read_port(acpi_io_address address, u32 *value, u32 width) 187 { 188 acpi_status status; 189 u32 one_byte; 190 u32 i; 191 192 /* Truncate address to 16 bits if requested */ 193 194 if (acpi_gbl_truncate_io_addresses) { 195 address &= ACPI_UINT16_MAX; 196 } 197 198 /* Validate the entire request and perform the I/O */ 199 200 status = acpi_hw_validate_io_request(address, width); 201 if (ACPI_SUCCESS(status)) { 202 status = acpi_os_read_port(address, value, width); 203 return (status); 204 } 205 206 if (status != AE_AML_ILLEGAL_ADDRESS) { 207 return (status); 208 } 209 210 /* 211 * There has been a protection violation within the request. Fall 212 * back to byte granularity port I/O and ignore the failing bytes. 213 * This provides compatibility with other ACPI implementations. 214 */ 215 for (i = 0, *value = 0; i < width; i += 8) { 216 217 /* Validate and read one byte */ 218 219 if (acpi_hw_validate_io_request(address, 8) == AE_OK) { 220 status = acpi_os_read_port(address, &one_byte, 8); 221 if (ACPI_FAILURE(status)) { 222 return (status); 223 } 224 225 *value |= (one_byte << i); 226 } 227 228 address++; 229 } 230 231 return (AE_OK); 232 } 233 234 /****************************************************************************** 235 * 236 * FUNCTION: acpi_hw_write_port 237 * 238 * PARAMETERS: Address Address of I/O port/register to write 239 * Value Value to write 240 * Width Number of bits 241 * 242 * RETURN: Status 243 * 244 * DESCRIPTION: Write data to an I/O port or register. This is a front-end 245 * to acpi_os_write_port that performs validation on both the port 246 * address and the length. 247 * 248 *****************************************************************************/ 249 250 acpi_status acpi_hw_write_port(acpi_io_address address, u32 value, u32 width) 251 { 252 acpi_status status; 253 u32 i; 254 255 /* Truncate address to 16 bits if requested */ 256 257 if (acpi_gbl_truncate_io_addresses) { 258 address &= ACPI_UINT16_MAX; 259 } 260 261 /* Validate the entire request and perform the I/O */ 262 263 status = acpi_hw_validate_io_request(address, width); 264 if (ACPI_SUCCESS(status)) { 265 status = acpi_os_write_port(address, value, width); 266 return (status); 267 } 268 269 if (status != AE_AML_ILLEGAL_ADDRESS) { 270 return (status); 271 } 272 273 /* 274 * There has been a protection violation within the request. Fall 275 * back to byte granularity port I/O and ignore the failing bytes. 276 * This provides compatibility with other ACPI implementations. 277 */ 278 for (i = 0; i < width; i += 8) { 279 280 /* Validate and write one byte */ 281 282 if (acpi_hw_validate_io_request(address, 8) == AE_OK) { 283 status = 284 acpi_os_write_port(address, (value >> i) & 0xFF, 8); 285 if (ACPI_FAILURE(status)) { 286 return (status); 287 } 288 } 289 290 address++; 291 } 292 293 return (AE_OK); 294 } 295