From: Marc Zyngier maz@kernel.org
mainline inclusion from mainline-v5.13-rc1 commit 2a20b08f06e70860272bc7f52b5423c1b2f06696 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4T7OX CVE: NA
--------------------------------
When using ACPI on arm64, which implies the GIC IRQ model, no table should ever provide a GSI number in the range [0:15], as these are reserved for IPIs.
However, drivers tend to call acpi_unregister_gsi() with any random GSI number provided by half baked tables, which results in an exploding kernel when its IPIs have been unconfigured.
In order to catch this, check for the silly case early, warn that something is going wrong and avoid the above disaster.
Signed-off-by: Marc Zyngier maz@kernel.org Reviewed-by: Sudeep Holla sudeep.holla@arm.com Tested-by: dann frazier dann.frazier@canonical.com Tested-by: Hanjun Guo guohanjun@huawei.com Reviewed-by: Hanjun Guo guohanjun@huawei.com Reviewed-by: Lorenzo Pieralisi lorenzo.pieralisi@arm.com Link: https://lore.kernel.org/r/20210421164317.1718831-3-maz@kernel.org Signed-off-by: Catalin Marinas catalin.marinas@arm.com Signed-off-by: Xiongfeng Wang wangxiongfeng2@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- drivers/acpi/irq.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/acpi/irq.c b/drivers/acpi/irq.c index e209081d644b..c68e694fca26 100644 --- a/drivers/acpi/irq.c +++ b/drivers/acpi/irq.c @@ -75,8 +75,12 @@ void acpi_unregister_gsi(u32 gsi) { struct irq_domain *d = irq_find_matching_fwnode(acpi_gsi_domain_id, DOMAIN_BUS_ANY); - int irq = irq_find_mapping(d, gsi); + int irq;
+ if (WARN_ON(acpi_irq_model == ACPI_IRQ_MODEL_GIC && gsi < 16)) + return; + + irq = irq_find_mapping(d, gsi); irq_dispose_mapping(irq); } EXPORT_SYMBOL_GPL(acpi_unregister_gsi);