Date: Sun, 19 Jan 2020 21:35:52 +0000 (UTC) From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r356897 - head/sys/x86/x86 Message-ID: <202001192135.00JLZqvE069235@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mjg Date: Sun Jan 19 21:35:51 2020 New Revision: 356897 URL: https://svnweb.freebsd.org/changeset/base/356897 Log: x86: fix assertion in ipi_send_cpu to range check the passed id Prior to the change for sufficiently bad id (and in particular NOCPU which is -1) it would access memory outside of the cpu_apic_ids array. Modified: head/sys/x86/x86/mp_x86.c Modified: head/sys/x86/x86/mp_x86.c ============================================================================== --- head/sys/x86/x86/mp_x86.c Sun Jan 19 21:17:57 2020 (r356896) +++ head/sys/x86/x86/mp_x86.c Sun Jan 19 21:35:51 2020 (r356897) @@ -1233,7 +1233,8 @@ ipi_send_cpu(int cpu, u_int ipi) u_int bitmap, old, new; u_int *cpu_bitmap; - KASSERT(cpu_apic_ids[cpu] != -1, ("IPI to non-existent CPU %d", cpu)); + KASSERT((u_int)cpu < MAXCPU && cpu_apic_ids[cpu] != -1, + ("IPI to non-existent CPU %d", cpu)); if (IPI_IS_BITMAPED(ipi)) { bitmap = 1 << ipi;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202001192135.00JLZqvE069235>