linux/arch/x86/kernel/acpi
Seunghun Han dad5ab0db8 x86/acpi: Prevent out of bound access caused by broken ACPI tables
The bus_irq argument of mp_override_legacy_irq() is used as the index into
the isa_irq_to_gsi[] array. The bus_irq argument originates from
ACPI_MADT_TYPE_IO_APIC and ACPI_MADT_TYPE_INTERRUPT items in the ACPI
tables, but is nowhere sanity checked.

That allows broken or malicious ACPI tables to overwrite memory, which
might cause malfunction, panic or arbitrary code execution.

Add a sanity check and emit a warning when that triggers.

[ tglx: Added warning and rewrote changelog ]

Signed-off-by: Seunghun Han <kkamagui@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: security@kernel.org
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: stable@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-07-20 10:27:59 +02:00
Makefile objtool, x86: Add several functions and files to the objtool whitelist 2017-06-30 10:19:19 +02:00
apei.c ACPI / APEI / ARM64: APEI initial support for ARM64 2016-12-02 00:24:34 +01:00
boot.c x86/acpi: Prevent out of bound access caused by broken ACPI tables 2017-07-20 10:27:59 +02:00
cppc_msr.c ACPI / CPPC: Add support for functional fixed hardware address 2016-09-08 23:02:14 +02:00
cstate.c x86/ACPI/cstate: Allow ACPI C1 FFH MWAIT use on AMD systems 2017-06-27 02:00:52 +02:00
sleep.c x86: Remap GDT tables in the fixmap section 2017-03-16 09:06:35 +01:00
sleep.h ACPICA: Cleanup asmlinkage for ACPICA APIs. 2013-10-31 14:37:35 +01:00
wakeup_32.S x86: Load __USER_DS into DS/ES after resume 2015-06-22 14:40:03 +02:00
wakeup_64.S x86/suspend: fix false positive KASAN warning on suspend/resume 2016-12-06 02:22:44 +01:00