Files
android_kernel_xiaomi_sm8450/drivers/acpi/pci_link.c
Bjorn Helgaas fa46d35264 ACPI: bounds check IRQ to prevent memory corruption
acpi_penalize_isa_irq() should validate irq before using it to
index the acpi_irq_penalty[] table.

Here's the path I'm concerned about:

    pnpacpi_parse_allocated_irqresource()
    {
	...
	irq = acpi_register_gsi(gsi, triggering, polarity);
	if (irq >= 0)
		pcibios_penalize_isa_irq(irq, 1);

There's no guarantee that acpi_register_gsi() will return an IRQ
within the bounds of acpi_irq_penalty[].

I have not seen a failure I can attribute to this.  However,
ACPI_MAX_IRQS is only 256, and I'm pretty sure ia64 can have
IRQs larger than that.

I think this should go in 2.6.27.

Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
2008-08-15 03:17:07 +02:00

24 KiB