]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
gpiolib: acpi: Prevent out-of-bounds pin access in OperationRegion handler
authorMarco Scardovi <scardracs@disroot.org>
Wed, 10 Jun 2026 15:42:04 +0000 (17:42 +0200)
committerBartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
Wed, 17 Jun 2026 06:14:30 +0000 (08:14 +0200)
commitae9f812df3149729643d27d2af488c112f62af9a
treee58ede39ff4765163b965d0b5671e57d9e82186a
parentdece79032f529d2c9fdbf63a9f2fc32244722775
gpiolib: acpi: Prevent out-of-bounds pin access in OperationRegion handler

The ACPI GPIO OperationRegion handler receives pin offsets as a
64-bit address. Previously, this value could be assigned to a pin index
without validation, potentially causing out-of-bounds access if
the ACPI table provides an invalid offset.

This patch explicitly checks that the 64-bit address is less than
agpio->pin_table_length before using it, returning AE_BAD_PARAMETER
if the check fails. Additionally, it makes the length calculation
overflow-safe and ensures proper unsigned types for loop counters.

This corrects the commit message from v5 to accurately reflect the
underlying issue, removing references to truncation or wrap-around,
which do not occur in ACPICA.

Assisted-by: Antigravity:gemini-3.5-flash
Signed-off-by: Marco Scardovi <scardracs@disroot.org>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Link: https://patch.msgid.link/20260610154204.110379-3-scardracs@disroot.org
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
drivers/gpio/gpiolib-acpi-core.c