From d5d9b280de718f0d5e458b227f3684ec7a7a1d3c Mon Sep 17 00:00:00 2001
From: Jonathan Zhang
Date: Mon, 7 Nov 2022 17:30:14 -0800
Subject: acpi/acpi.c: Fix einj generation pointer arithmetics

Without a cast the aritmetics of
tat = einj + sizeof(acpi_einj_smi_t)
is the same as
tat = (uintptr_t)einj + size(acpi_einj_smi_t) * size(acpi_einj_smi_t)
So it overshoots the intended offset by a lot.

This issue only came apparent because now einj is in the small IMD region which is close to TSEG. With the wrong aritmetics the tat pointer ended up inside TSEG which is not accessible from the OS causing exceptions.

TEST: observe that tat pointer is inside the small IMD below TSEG (0x78000000 on our setup).
"acpi_create_einj trigger_action_table = 0x77ffe89c"

Change-Id: I3ab64b95c33eef01b2048816a21e17855bcb2f54
Signed-off-by: Arthur Heymans
Signed-off-by: Jonathan Zhang
Reviewed-on: https://review.coreboot.org/c/coreboot/+/69326
Tested-by: build bot (Jenkins)
Reviewed-by: Marc Jones
---
 src/acpi/acpi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/acpi/acpi.c b/src/acpi/acpi.c
index 3ddb1d02ed..e1d40881c2 100644
--- a/src/acpi/acpi.c
+++ b/src/acpi/acpi.c
@@ -888,7 +888,7 @@ void acpi_create_einj(acpi_einj_t *einj, uintptr_t addr, u8 actions)
 	printk(BIOS_DEBUG, "%s einj_smi = %p\n", __func__, einj_smi);
 	memset(einj_smi, 0, sizeof(acpi_einj_smi_t));
 
-	tat = (acpi_einj_trigger_table_t *)(einj_smi + sizeof(acpi_einj_smi_t));
+	tat = (acpi_einj_trigger_table_t *)((uint8_t *)einj_smi + sizeof(acpi_einj_smi_t));
 	tat->header_size = 16;
 	tat->revision = 0;
 	tat->table_size = sizeof(acpi_einj_trigger_table_t) +
-- 
cgit v1.2.3
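Review bot: The corrected expression still bakes in the assumption that the trigger action table sits directly after the SMI block, with no check that `tat` (and the `table_size` bytes written through it) stay inside the memory reserved at `addr`, so a grown `acpi_einj_smi_t` or a repeat of the scaling mistake would again silently yield an out-of-region pointer that the firmware then writes through. acpi_create_einj starts and ends outside the hunk, so I cannot see whether the caller sizes the region; a one-line comment on the changed line, `/* trigger action table follows the SMI block; cast to uint8_t * so the offset is in bytes, not elements */`, would at least record why the cast is load-bearing. `tat->header_size = 16;` on the next line is a magic number; if it corresponds to the four 32-bit header fields of acpi_einj_trigger_table_t, deriving it from offsetof/sizeof of that struct would keep it in sync with the layout. The memset above zeroes only sizeof(acpi_einj_smi_t), so the trigger table memory is presumably cleared elsewhere or assigned field by field — worth confirming against the rest of the function.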