Hmm, actually... > > if (memblock_is_map_memory(phys)) > > - return (void __iomem *)__phys_to_virt(phys); > > + return NULL; It might be prudent to have this check take into account the size of the region being mapped. I realize ACPI considers it to be undefined if you cross borders, but I could imagine actual system behavior being somewhat complicated, and a clever bypass being possible. Hypothetically: KASLR starts kernel at phys_base+offset, [phys_base, rounddownpage(offset)) doesn't get mapped, malicious acpi then maps phys_base+rounddownpage(offset)-1, and then this check doesn't get hit.
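Review bot: The guard `if (memblock_is_map_memory(phys))` in this hunk tests only the start address `phys`, so a request that begins just below a memblock-mapped region and extends into it is not rejected by the new `return NULL;`. If the surrounding function has the length of the mapping available, apply the check to the whole range from `phys` to the last byte being mapped (every page the mapping touches, with the end address computed so it cannot wrap) instead of to the first address alone. A short comment above the check saying why mapped memory is refused here would also help, since the hunk changes the result for these addresses from a usable pointer to NULL.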