Re: [Qemu-devel] [PATCH v4 0/7] pc: Ensure APIC ID limits before aborting or corrupting memory

["Michael S. Tsirkin" <mst@redhat.com>]

On Fri, Mar 14, 2014 at 04:33:49PM -0300, Eduardo Habkost wrote:
> Changes v3 -> v4:
>  * Commit message update on patch 5/7
>  * Small comment change (s/should/shall/) on patch 6/7
> 
> Changes v2 -> v3:
>  * Don't use MAX_CPUMASK_BITS on acpi-build.c, use ACPI_CPU_HOTPLUG_ID_LIMIT;
>  * Rename MAX_CPUMASK_BITS to MAX_CPUS, and document it;
>  * Use MAX_CPUS when checking max_cpus limit on vl.c.
> 
> Changes v1 -> v2:
>  * None. v1 was tagged locally by mistake and never submitted to qemu-devel.
> 
> This series adds checks for APIC ID limits on initialization and CPU hotplug
> code.  This fixes multiple issues:
> 
> 1) Assertion failure when -smp parameter results in a too large APIC ID. e.g.:
> 
>     $ ./install/bin/qemu-system-x86_64 -S -smp 254,cores=17,threads=17,sockets=17,maxcpus=254 -nographic
>     **
>     ERROR:hw/acpi/cpu_hotplug.c:58:AcpiCpuHotplug_init: assertion failed: ((id / 8) < ACPI_GPE_PROC_LEN)
>     Aborted (core dumped)
> 
> 2) Memory corruption on AcpiCpuHotplug_add() when APIC ID is too large (similar

Thanks, applied!

> 
> Eduardo Habkost (7):
>   acpi: Add ACPI_CPU_HOTPLUG_ID_LIMIT macro
>   pc: Refuse CPU hotplug if the resulting APIC ID is too large
>   acpi: Assert sts array limit on AcpiCpuHotplug_add()
>   acpi: Don't use MAX_CPUMASK_BITS for APIC ID bitmap
>   pc: Refuse max_cpus if it results in too large APIC ID
>   vl.c: Rename MAX_CPUMASK_BITS to MAX_CPUS
>   vl.c: Use MAX_CPUS macro instead of hardcoded constant
> 
>  hw/acpi/cpu_hotplug.c              |  1 +
>  hw/i386/acpi-build.c               |  4 ++--
>  hw/i386/pc.c                       | 16 ++++++++++++++++
>  include/hw/acpi/cpu_hotplug_defs.h |  8 ++++++++
>  include/sysemu/sysemu.h            |  9 ++++++++-
>  vl.c                               | 12 ++++++------
>  6 files changed, 41 insertions(+), 9 deletions(-)
> 
> -- 
> 1.8.5.3