* [PATCH] ACPI: bounds check IRQ to prevent memory corruption
@ 2008-08-01 21:58 Bjorn Helgaas
2008-08-01 22:52 ` Andi Kleen
0 siblings, 1 reply; 2+ messages in thread
From: Bjorn Helgaas @ 2008-08-01 21:58 UTC (permalink / raw)
To: Andi Kleen
Cc: Bjorn Helgaas, Andrew Morton, Natalie Protasevich, Jack Steiner,
Hidetoshi Seto, linux-acpi, linux-kernel
acpi_penalize_isa_irq() should validate irq before using it to
index the acpi_irq_penalty[] table.
Here's the path I'm concerned about:
pnpacpi_parse_allocated_irqresource()
{
...
irq = acpi_register_gsi(gsi, triggering, polarity);
if (irq >= 0)
pcibios_penalize_isa_irq(irq, 1);
There's no guarantee that acpi_register_gsi() will return an IRQ
within the bounds of acpi_irq_penalty[].
I have not seen a failure I can attribute to this. However,
ACPI_MAX_IRQS is only 256, and I'm pretty sure ia64 can have
IRQs larger than that.
I think this should go in 2.6.27.
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
---
drivers/acpi/pci_link.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/pci_link.c b/drivers/acpi/pci_link.c
index 89f3b2a..cf47805 100644
--- a/drivers/acpi/pci_link.c
+++ b/drivers/acpi/pci_link.c
@@ -849,7 +849,7 @@ static int __init acpi_irq_penalty_update(char *str, int used)
if (irq < 0)
continue;
- if (irq >= ACPI_MAX_IRQS)
+ if (irq >= ARRAY_SIZE(acpi_irq_penalty))
continue;
if (used)
@@ -872,10 +872,12 @@ static int __init acpi_irq_penalty_update(char *str, int used)
*/
void acpi_penalize_isa_irq(int irq, int active)
{
- if (active)
- acpi_irq_penalty[irq] += PIRQ_PENALTY_ISA_USED;
- else
- acpi_irq_penalty[irq] += PIRQ_PENALTY_PCI_USING;
+ if (irq >= 0 && irq < ARRAY_SIZE(acpi_irq_penalty)) {
+ if (active)
+ acpi_irq_penalty[irq] += PIRQ_PENALTY_ISA_USED;
+ else
+ acpi_irq_penalty[irq] += PIRQ_PENALTY_PCI_USING;
+ }
}
/*
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ACPI: bounds check IRQ to prevent memory corruption
2008-08-01 21:58 [PATCH] ACPI: bounds check IRQ to prevent memory corruption Bjorn Helgaas
@ 2008-08-01 22:52 ` Andi Kleen
0 siblings, 0 replies; 2+ messages in thread
From: Andi Kleen @ 2008-08-01 22:52 UTC (permalink / raw)
To: Bjorn Helgaas
Cc: Andi Kleen, Andrew Morton, Natalie Protasevich, Jack Steiner,
Hidetoshi Seto, linux-acpi, linux-kernel
On Fri, Aug 01, 2008 at 03:58:17PM -0600, Bjorn Helgaas wrote:
>
> acpi_penalize_isa_irq() should validate irq before using it to
> index the acpi_irq_penalty[] table.
Applied to test thanks.
> I think this should go in 2.6.27.
Agreed.
-Andi
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-08-01 22:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-08-01 21:58 [PATCH] ACPI: bounds check IRQ to prevent memory corruption Bjorn Helgaas
2008-08-01 22:52 ` Andi Kleen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox