Re: [PATCH] x86/boot: Reject truncated acpi_rsdp= values

Next message: David Hildenbrand (Arm): "[PATCH] tmp"
Previous message: Dan Carpenter: "Re: [PATCH 1/3] staging: rtl8723bs: Replace bare 'uint' with 'unsigned int' in rtw_cmd.c"
In reply to: Borislav Petkov: "Re: [PATCH] x86/boot: Reject truncated acpi_rsdp= values"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/boot: Reject truncated acpi_rsdp= values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thorsten Blum

Date: Fri Jun 19 2026 - 03:58:25 EST

On Thu, Jun 18, 2026 at 07:48:14PM -0700, Borislav Petkov wrote:
> On Fri, Jun 19, 2026 at 03:00:54AM +0200, Thorsten Blum wrote:
> > You can reproduce this with QEMU using the malformed example from
> > before:
> >
> > acpi_rsdp=0x0123456789abcdefx
>
> I just did: it says
>
> [ 0.000000] Malformed early option 'acpi_rsdp'
>
> with latest Linus tree without your patch.
>
> That's because that comes from setup_acpi_rsdp() which calls kstrtoul().
>
> I doubt you even hit get_cmdline_acpi_rsdp() as that's the decompressor legacy
> path and modern machines boot through the EFI stub like my guest does...

Are you perhaps appending nokaslr?

With the latest Linus tree, defconfig, and CONFIG_MEMORY_HOTREMOVE=y,
this crashes reproducibly for me, but only when KASLR is not disabled:

qemu-system-x86_64 -nographic -no-reboot -kernel arch/x86/boot/bzImage -append "console=ttyS0 acpi_rsdp=0x0123456789abcdefx"