From: Igor Mammedov <imammedo@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com,
	x86@kernel.org, imammedo@redhat.com, bp@suse.de,
	paul.gortmaker@windriver.com, JBeulich@suse.com,
	prarit@redhat.com, drjones@redhat.com, toshi.kani@hp.com,
	riel@redhat.com, gong.chen@linux.intel.com, andi@firstfloor.org,
	lenb@kernel.org, rjw@rjwysocki.net, linux-acpi@vger.kernel.org
Subject: [PATCH v4 2/5] x86: fix memory corruption in acpi_unmap_lsapic()
Date: Mon, 14 Apr 2014 17:11:14 +0200
Message-ID: <1397488277-14865-3-git-send-email-imammedo@redhat.com>
In-Reply-To: <1397488277-14865-1-git-send-email-imammedo@redhat.com>

If during CPU hotplug the master CPU failed to wake up an AP,
it set percpu x86_cpu_to_apicid to BAD_APICID=0xFFFF for the AP.

However, a following attempt to unplug that CPU will lead to
an out-of-bounds write access to __apicid_to_node[], which is
32768 items long on an x86_64 kernel.

So drop setting x86_cpu_to_apicid to BAD_APICID in do_boot_cpu()
and allow acpi_processor_remove()->acpi_unmap_lsapic() to cleanly
remove the CPU.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 arch/x86/kernel/smpboot.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index 6124f15..2988f69 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -859,8 +859,6 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
 
 		/* was set by cpu_init() */
 		cpumask_clear_cpu(cpu, cpu_initialized_mask);
-
-		per_cpu(x86_cpu_to_apicid, cpu) = BAD_APICID;
 	}
 
 	/* mark "stuck" area as not stuck */
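Review bot: The out-of-bounds write described in the commit message happens in acpi_unmap_lsapic(), yet this hunk only removes one producer of the bad index, in the failure branch of do_boot_cpu() right after cpumask_clear_cpu(). The index into __apicid_to_node[] would stay unchecked if any other path leaves x86_cpu_to_apicid at BAD_APICID (0xFFFF) or another value at or above the 32768-entry size. Consider also adding a range check on the apicid at the point of the array write, so the unplug path fails safely instead of corrupting memory. It would also help if the commit message stated whether anything reads x86_cpu_to_apicid expecting BAD_APICID as the marker for an AP that failed to come up, since after this change the per-cpu slot keeps its previous apicid on that failure path.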
-- 
1.7.1

Thread overview: 21+ messages
2014-04-14 15:11 [PATCH v4 0/5] x86: fix hang when AP bringup is too slow Igor Mammedov
2014-04-14 15:11 ` [PATCH v4 1/5] x86: fix list corruption on CPU hotplug Igor Mammedov
2014-04-30 21:18   ` Toshi Kani
2014-04-14 15:11 ` Igor Mammedov [this message]
2014-04-14 15:11 ` [PATCH v4 3/5] acpi_processor: do not mark present at boot but not onlined CPU as onlined Igor Mammedov
2014-04-15  5:48   ` Rafael J. Wysocki
2014-04-15  6:00     ` Igor Mammedov
2014-04-15  6:04     ` Ingo Molnar
2014-04-15 15:48       ` Rafael J. Wysocki
2014-04-15  5:53   ` Rafael J. Wysocki
2014-04-30 21:25   ` Toshi Kani
2014-05-02 11:32     ` Igor Mammedov
2014-05-02 17:23       ` Toshi Kani
2014-04-14 15:11 ` [PATCH v4 4/5] x86: log error on secondary CPU wakeup failure at ERR level Igor Mammedov
2014-04-30 21:30   ` Toshi Kani
2014-04-14 15:11 ` [PATCH v4 5/5] x86: initialize secondary CPU only if master CPU will wait for it Igor Mammedov
2014-05-01 23:11   ` Toshi Kani
2014-05-02  8:21     ` Igor Mammedov
2014-05-02 14:52       ` Toshi Kani
2014-05-05 20:26         ` Igor Mammedov
2014-04-29  8:36 ` [PATCH v4 0/5] x86: fix hang when AP bringup is too slow Igor Mammedov