On Fri, Sep 23, 2016 at 5:08 PM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> map_processor() checks the cpuid value returned by acpi_map_cpuid() for -1
> but acpi_map_cpuid() returns -EINVAL in case of error.
>
> As a consequence the error is ignored and the following access into percpu
> data with that negative cpuid results in a boot crash.
>
> This happens always when NR_CPUS/nr_cpu_ids is smaller than the number of
> processors listed in the ACPI tables.
>
> Use a proper error check for id < 0 so the function returns instead of
> trying to map CPU#(-EINVAL).
>
> Reported-by: Ingo Molnar <mingo@xxxxxxxxxx>
> Fixes: dc6db24d2476 ("x86/acpi: Set persistent cpuid <-> nodeid mapping when booting")
> Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
It looks like the commit in the Fixes tag is in the tip tree now, so
the fix should better go in via tip as well IMO.
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@xxxxxxxxx>
> ---
> drivers/acpi/processor_core.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> --- a/drivers/acpi/processor_core.c
> +++ b/drivers/acpi/processor_core.c
> @@ -284,7 +284,7 @@ EXPORT_SYMBOL_GPL(acpi_get_cpuid);
> static bool __init
> map_processor(acpi_handle handle, phys_cpuid_t *phys_id, int *cpuid)
> {
> - int type;
> + int type, id;
> u32 acpi_id;
> acpi_status status;
> acpi_object_type acpi_type;
> @@ -320,10 +320,11 @@ map_processor(acpi_handle handle, phys_c
> type = (acpi_type == ACPI_TYPE_DEVICE) ? 1 : 0;
>
> *phys_id = __acpi_get_phys_id(handle, type, acpi_id, false);
> - *cpuid = acpi_map_cpuid(*phys_id, acpi_id);
> - if (*cpuid == -1)
> - return false;
> + id = acpi_map_cpuid(*phys_id, acpi_id);
>
> + if (id < 0)
> + return false;
> + *cpuid = id;
> return true;
> }
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>