On Thu, Jan 12 2017, Dave Young wrote: > -void __init efi_bgrt_init(void) > +void __init efi_bgrt_init(struct acpi_table_header *table) > { > - acpi_status status; > void *image; > struct bmp_header bmp_header; > > if (acpi_disabled) > return; > > - status = acpi_get_table("BGRT", 0, > - (struct acpi_table_header **)&bgrt_tab); > - if (ACPI_FAILURE(status)) > - return; Not sure, but wouldn't it be safer to reverse the order of this assignment > + bgrt_tab = *(struct acpi_table_bgrt *)table; and this length check > - if (bgrt_tab->header.length < sizeof(*bgrt_tab)) { > + if (bgrt_tab.header.length < sizeof(bgrt_tab)) { > pr_notice("Ignoring BGRT: invalid length %u (expected %zu)\n", > - bgrt_tab->header.length, sizeof(*bgrt_tab)); > + bgrt_tab.header.length, sizeof(bgrt_tab)); > return; > } ? Also, from here on, all error paths should zero out bgrt_tab.image_address (or so) to signal failure to bgrt_init(): bgrt_init() now checks for !bgrt_tab.image_address whereas before it had tested bgrt_image and the latter used to be set at the very end of efi_bgrt_init(). > - if (bgrt_tab->version != 1) { > + if (bgrt_tab.version != 1) { > pr_notice("Ignoring BGRT: invalid version %u (expected 1)\n", > - bgrt_tab->version); > + bgrt_tab.version); > return; > } > - if (bgrt_tab->status & 0xfe) { > + if (bgrt_tab.status & 0xfe) { > pr_notice("Ignoring BGRT: reserved status bits are non-zero %u\n", > - bgrt_tab->status); > + bgrt_tab.status); > return; > } > - if (bgrt_tab->image_type != 0) { > + if (bgrt_tab.image_type != 0) { > pr_notice("Ignoring BGRT: invalid image type %u (expected 0)\n", > - bgrt_tab->image_type); > + bgrt_tab.image_type); > return; > } > - if (!bgrt_tab->image_address) { > + if (!bgrt_tab.image_address) { > pr_notice("Ignoring BGRT: null image address\n"); > return; > } > > - image = memremap(bgrt_tab->image_address, sizeof(bmp_header), MEMREMAP_WB); > + image = early_memremap(bgrt_tab.image_address, sizeof(bmp_header)); > if (!image) { > pr_notice("Ignoring BGRT: failed to map image header memory\n"); > return; > } > > memcpy(&bmp_header, image, sizeof(bmp_header)); > - memunmap(image); > + early_memunmap(image, sizeof(bmp_header)); > if (bmp_header.id != 0x4d42) { > pr_notice("Ignoring BGRT: Incorrect BMP magic number 0x%x (expected 0x4d42)\n", > bmp_header.id); > @@ -82,12 +77,5 @@ void __init efi_bgrt_init(void) > } > bgrt_image_size = bmp_header.size; > > - bgrt_image = memremap(bgrt_tab->image_address, bmp_header.size, MEMREMAP_WB); > - if (!bgrt_image) { > - pr_notice("Ignoring BGRT: failed to map image memory\n"); > - bgrt_image = NULL; > - return; > - } > - > - efi_mem_reserve(bgrt_tab->image_address, bgrt_image_size); > + efi_mem_reserve(bgrt_tab.image_address, bgrt_image_size); > } > --- linux-x86.orig/drivers/acpi/bgrt.c > +++ linux-x86/drivers/acpi/bgrt.c > @@ -15,40 +15,41 @@ > #include <linux/sysfs.h> > #include <linux/efi-bgrt.h> > > +static void *bgrt_image; [...] > @@ -84,9 +85,17 @@ static int __init bgrt_init(void) > { > int ret; > > - if (!bgrt_image) > + if (!bgrt_tab.image_address) > return -ENODEV; > > + bgrt_image = memremap(bgrt_tab.image_address, bgrt_image_size, > + MEMREMAP_WB); > + if (!bgrt_image) { > + pr_notice("Ignoring BGRT: failed to map image memory\n"); > + bgrt_image = NULL; > + return -ENOMEM; > + } > + > bin_attr_image.private = bgrt_image; > bin_attr_image.size = bgrt_image_size; > Thanks, Nicolai -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html