1. Patchew
  2. linux
  3. View series

[PATCH v2] x86/pci: Check signature before assigning shadow ROM

Tomita Moeko posted 1 patch 2 months ago 
arch/x86/pci/fixup.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
[PATCH v2] x86/pci: Check signature before assigning shadow ROM
Posted by Tomita Moeko 2 months ago 
Recent IGD platforms without VBIOS or UEFI CSM support do not contain
VGA ROM at 0xC0000. Check whether the VGA ROM region is a valid PCI
option ROM with 0xAA55 signature before assigning the shadow ROM to
the default PCI VGA controller.

Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
---
Changelog:
v2:
* Use memmap() instead of iomap() as the shadow ROM is copied to RAM by
  BIOS
* Only map the first 2 bytes for the signature check.
Link: https://lore.kernel.org/all/20250406090835.7721-1-tomitamoeko@gmail.com/

 arch/x86/pci/fixup.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c
index 25076a5acd96..10dce90e0e00 100644
--- a/arch/x86/pci/fixup.c
+++ b/arch/x86/pci/fixup.c
@@ -357,6 +357,18 @@ static void pci_fixup_video(struct pci_dev *pdev)
 	struct pci_bus *bus;
 	u16 config;
 	struct resource *res;
+	void *rom;
+	u16 sig;
+
+	/* Does VBIOS region contain a valid PCI ROM? */
+	rom = memremap(0xC0000, sizeof(sig), MEMREMAP_WB);
+	if (!rom)
+		return;
+
+	memcpy(&sig, rom, sizeof(sig));
+	memunmap(rom);
+	if (sig != 0xAA55)
+		return;
 
 	/* Is VGA routed to us? */
 	bus = pdev->bus;
-- 
2.51.0
Re: [PATCH v2] x86/pci: Check signature before assigning shadow ROM
Posted by Lukas Wunner 2 months ago 
On Thu, Oct 16, 2025 at 04:19:00PM +0800, Tomita Moeko wrote:
> Recent IGD platforms without VBIOS or UEFI CSM support do not contain
> VGA ROM at 0xC0000. Check whether the VGA ROM region is a valid PCI
> option ROM with 0xAA55 signature before assigning the shadow ROM to
> the default PCI VGA controller.
[...]
> +++ b/arch/x86/pci/fixup.c
> @@ -357,6 +357,18 @@ static void pci_fixup_video(struct pci_dev *pdev)
>  	struct pci_bus *bus;
>  	u16 config;
>  	struct resource *res;
> +	void *rom;
> +	u16 sig;
> +
> +	/* Does VBIOS region contain a valid PCI ROM? */
> +	rom = memremap(0xC0000, sizeof(sig), MEMREMAP_WB);
> +	if (!rom)
> +		return;
> +
> +	memcpy(&sig, rom, sizeof(sig));
> +	memunmap(rom);
> +	if (sig != 0xAA55)
> +		return;
>  
>  	/* Is VGA routed to us? */
>  	bus = pdev->bus;

I have to ask again, in arch/x86/kernel/probe_roms.c:probe_roms(),
the signature is already verified.  If it doesn't match, the
video_rom_resource isn't added to iomem_resource.

Which makes me wonder, wouldn't it be sufficient to just do
something like:

	if (!lookup_resource(&iomem_resource, 0xC0000))
		return;

Another thought I have, I'd move the code you're inserting further
down, perhaps after the while-loop.  Actually the existing code
isn't very pretty, there should be a return after failure of the
vga_default_device checks and after the Command register check
so that the actual resource adjustment doesn't need to be indented.

Thanks,

Lukas

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.