Description of problem:
The GET_INDEX macro in arch/i386/pci/fixup.c fails to only use the lower 3 bits of a PCI device's devfn value. As such, certain PCI devices with a sufficiently large bus/device/function tuple can index too far into the quirk_aspm_offset array, overwriting parts of memory.

Version-Release number of selected component (if applicable):
RHEL4, all versions

How reproducible:
Unknown

Steps to Reproduce:
1.
2.
3.

Actual results:
Memory which is allocated immediately after the quirk_aspm_offset array can become corrupted

Expected results:
No memory corruption

Additional info:
Created attachment 116008
Backport of Intel's upstream patch to restrict the GET_INDEX array to only use the lower 3 bits of the devfn value
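The indexing flaw described in this report, modeled as an added example; it is not code from the report or from the attached patch. The base device ID, the number of device IDs, the table size and all function names are assumptions chosen for illustration; the devfn layout (slot in bits 7..3, function in bits 2..0) is the standard PCI encoding.

```c
#include <stdio.h>

/* Assumed values for illustration; none of these come from the bug report. */
#define BASE_DEVICE_ID 0x2595u             /* hypothetical first device ID in the table */
#define N_DEVICE_IDS   6u                  /* hypothetical count of consecutive device IDs */
#define TABLE_SLOTS    (N_DEVICE_IDS << 3) /* 8 functions per device ID */

/* devfn packs the slot (device) number in bits 7..3 and the function in bits 2..0. */
static unsigned make_devfn(unsigned slot, unsigned func)
{
    return ((slot & 0x1fu) << 3) | (func & 0x07u);
}

/* Flawed form: the whole devfn, slot bits included, is added to the index. */
static unsigned index_unmasked(unsigned device_id, unsigned devfn)
{
    return ((device_id - BASE_DEVICE_ID) << 3) + devfn;
}

/* Fixed form: only the lower 3 bits (the function number) are used. */
static unsigned index_masked(unsigned device_id, unsigned devfn)
{
    return ((device_id - BASE_DEVICE_ID) << 3) + (devfn & 7u);
}

/* Count the (device_id, devfn) pairs whose index falls outside the table. */
static unsigned count_out_of_bounds(unsigned (*index_fn)(unsigned, unsigned))
{
    unsigned id, devfn, bad = 0;
    for (id = BASE_DEVICE_ID; id < BASE_DEVICE_ID + N_DEVICE_IDS; id++)
        for (devfn = 0; devfn < 256; devfn++)
            if (index_fn(id, devfn) >= TABLE_SLOTS)
                bad++;
    return bad;
}

int main(void)
{
    unsigned id = BASE_DEVICE_ID + 5;      /* constructed sample device ID */
    unsigned devfn = make_devfn(28, 0);    /* constructed sample: slot 28, function 0 */
    printf("table slots: %u\n", TABLE_SLOTS);
    printf("unmasked index %u, masked index %u\n",
           index_unmasked(id, devfn), index_masked(id, devfn));
    printf("out-of-bounds pairs: unmasked %u, masked %u\n",
           count_out_of_bounds(index_unmasked), count_out_of_bounds(index_masked));
    return 0;
}
```

Even when the unmasked index stays inside the table, a nonzero slot number makes it land in an entry that belongs to a different device ID, so the mask is needed for correctness as well as for bounds safety.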
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-514.html