Re: [PATCH] ACPI: PRM: Fix off-by-one in efi_pa_va_lookup() address range check

[Rafael J. Wysocki]

On Tue, Jun 23, 2026 at 7:57 AM Guanghui Feng
<guanghuifeng@xxxxxxxxxxxxxxxxx> wrote:
>
> The boundary check in efi_pa_va_lookup() uses a strict less-than
> comparison (md->phys_addr < pa), which incorrectly excludes the case
> where the lookup address equals the start of an EFI memory descriptor's
> physical address range.
>
> This causes a lookup failure when a PRM handler address happens to be
> at the exact start of a runtime memory region, as the descriptor that
> should match gets skipped.
>
> Fix this by using a non-strict comparison (md->phys_addr <= pa) to
> include the region start address, consistent with the standard
> __efi_mem_desc_lookup() implementation in drivers/firmware/efi/efi.c.
>
> Fixes: cefc7ca46235 ("ACPI: PRM: implement OperationRegion handler for the PlatformRtMechanism subtype")
> Signed-off-by: Guanghui Feng <guanghui.fgh@xxxxxxxxxxxxxxxxx>
> ---
>  drivers/acpi/prmt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/prmt.c b/drivers/acpi/prmt.c
> index 7f5851371e5f..fcc17ce0a88e 100644
> --- a/drivers/acpi/prmt.c
> +++ b/drivers/acpi/prmt.c
> @@ -80,7 +80,7 @@ static u64 efi_pa_va_lookup(efi_guid_t *guid, u64 pa)
>
>         for_each_efi_memory_desc(md) {
>                 if ((md->attribute & EFI_MEMORY_RUNTIME) &&
> -                   (md->phys_addr < pa && pa < md->phys_addr + PAGE_SIZE * md->num_pages)) {
> +                   (md->phys_addr <= pa && pa < md->phys_addr + PAGE_SIZE * md->num_pages)) {
>                         return pa_offset + md->virt_addr + page - md->phys_addr;
>                 }
>         }
> --

Sashiko sees a problem with this change which might cause an absent
buffer to be mapped incorrectly:

https://sashiko.dev/#/patchset/20260623055703.3793586-1-guanghuifeng%40linux.alibaba.com

Some more complex changes appear to be needed to address the problem at hand.