From 44c78346f638635f3909d21230b978113f3423e0 Mon Sep 17 00:00:00 2001 From: Mateusz Guzik Date: Sun, 19 Jan 2020 21:35:51 +0000 Subject: [PATCH] x86: fix assertion in ipi_send_cpu to range check the passed id Prior to the change for sufficiently bad id (and in particular NOCPU which is -1) it would access memory outside of the cpu_apic_ids array. --- sys/x86/x86/mp_x86.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/x86/x86/mp_x86.c b/sys/x86/x86/mp_x86.c index 8a3497cada54..efe221c86f24 100644 --- a/sys/x86/x86/mp_x86.c +++ b/sys/x86/x86/mp_x86.c @@ -1233,7 +1233,8 @@ ipi_send_cpu(int cpu, u_int ipi) u_int bitmap, old, new; u_int *cpu_bitmap; - KASSERT(cpu_apic_ids[cpu] != -1, ("IPI to non-existent CPU %d", cpu)); + KASSERT((u_int)cpu < MAXCPU && cpu_apic_ids[cpu] != -1, + ("IPI to non-existent CPU %d", cpu)); if (IPI_IS_BITMAPED(ipi)) { bitmap = 1 << ipi;