Message ID | 1397150061-29735-5-git-send-email-imammedo@redhat.com (mailing list archive) |
---|---|
State | Not Applicable, archived |
* Igor Mammedov <imammedo@redhat.com> wrote:

> if during CPU hotplug master CPU failed to wake up AP
> it set percpu x86_cpu_to_apicid to BAD_APICID=0xFFFF for AP.
>
> However following attempt to unplug that CPU will lead to
> out of bound write access to __apicid_to_node[] which is
> 32768 items long on x86_64 kernel.
>
> So drop setting x86_cpu_to_apicid to BAD_APICID in do_boot_cpu()
> and allow acpi_processor_remove()->acpi_unmap_lsapic() cleanly
> remove CPU.

Same suggestion as for the other fix patch: the fix should precede the patch that exposes it.

Thanks,

Ingo
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index e7c15d7..44903ad 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -821,8 +821,6 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) udelay(100); schedule(); } - } else { - per_cpu(x86_cpu_to_apicid, cpu) = BAD_APICID; } /* mark "stuck" area as not stuck */
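Review bot: The consumer side stays unguarded after the removal of the else branch in do_boot_cpu(): the commit message puts the out-of-bounds write in the unplug path (acpi_processor_remove() -> acpi_unmap_lsapic()), where __apicid_to_node[], 32768 entries long, is indexed with 0xFFFF. This hunk only stops one producer of BAD_APICID, so a range check on the APIC id before that array write would keep any other path that leaves BAD_APICID in x86_cpu_to_apicid from corrupting memory. It would also help to state in the commit message why keeping the previous x86_cpu_to_apicid value for an AP that failed to wake up is safe for other readers of that per-CPU variable, since nothing in the visible lines shows what they now see.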
if during CPU hotplug master CPU failed to wake up AP
it set percpu x86_cpu_to_apicid to BAD_APICID=0xFFFF for AP.

However following attempt to unplug that CPU will lead to
out of bound write access to __apicid_to_node[] which is
32768 items long on x86_64 kernel.

So drop setting x86_cpu_to_apicid to BAD_APICID in do_boot_cpu()
and allow acpi_processor_remove()->acpi_unmap_lsapic() cleanly
remove CPU.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 arch/x86/kernel/smpboot.c | 2 --
 1 files changed, 0 insertions(+), 2 deletions(-)