Date: Sat, 28 Mar 2026 05:56:27 +0000 From: Colin Percival <cperciva@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 5809c9a77b2d - main - io_apic: Don't route to APIC ID > 255 Message-ID: <69c76d8b.40425.6f5ee91e@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=5809c9a77b2d3b83c056ba3ac5ba4e261c0af595 commit 5809c9a77b2d3b83c056ba3ac5ba4e261c0af595 Author: Colin Percival <cperciva@FreeBSD.org> AuthorDate: 2026-03-14 05:51:04 +0000 Commit: Colin Percival <cperciva@FreeBSD.org> CommitDate: 2026-03-28 05:53:42 +0000 io_apic: Don't route to APIC ID > 255 I/O APIC Redirection Table Entries use 8 bits to encode the Destination ID. Attempting to route an IRQ to a higher APIC ID would result in it being silently routed to the value reduced modulo 256, causing a panic if the IRQ fired since the receiving CPU would not expect that IRQ. Instead, print a warning and mark the interrupt as invalid, resulting in it being forcibly masked. Reviewed by: kib Tested on: EC2 r8i.96xlarge MFC after: 3 weeks Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D55857 --- sys/x86/x86/io_apic.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/sys/x86/x86/io_apic.c b/sys/x86/x86/io_apic.c index 03d85acabb1a..5d28b7e8c611 100644 --- a/sys/x86/x86/io_apic.c +++ b/sys/x86/x86/io_apic.c @@ -364,10 +364,20 @@ ioapic_program_intpin(struct ioapic_intsrc *intpin) /* * Set the destination. Note that with Intel interrupt remapping, * the previously reserved bits 55:48 now have a purpose so ensure - * these are zero. + * these are zero. If the CPU number (in fact, APIC ID) is too + * large, mark the interrupt as invalid, and target CPU #0. */ - low = IOART_DESTPHY; - high = intpin->io_cpu << APIC_ID_SHIFT; + if (intpin->io_cpu <= IOAPIC_MAX_ID) { + low = IOART_DESTPHY; + high = intpin->io_cpu << APIC_ID_SHIFT; + intpin->io_valid = 1; + } else { + printf("%s: unsupported destination APIC ID %u for pin %u\n", + __func__, intpin->io_cpu, intpin->io_intpin); + low = IOART_DESTPHY; + high = 0 << APIC_ID_SHIFT; + intpin->io_valid = 0; + } /* Program the rest of the low word. */ if (intpin->io_edgetrigger)home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69c76d8b.40425.6f5ee91e>