Re: [PATCH] x86/boot: Reject truncated acpi_rsdp= values

Next message: JP Kobryn: "Re: [PATCH v2] mm/page_alloc: use existing highatomic reserves on the buddy fastpath"
Previous message: Jeffrey E Altman: "Re: [PATCH net v2 01/10] rxrpc: input: reject ACKALL outside transmit phase"
In reply to: Borislav Petkov: "Re: [PATCH] x86/boot: Reject truncated acpi_rsdp= values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thorsten Blum

Date: Fri Jun 19 2026 - 17:43:32 EST

On Fri, Jun 19, 2026 at 01:24:21PM -0700, Borislav Petkov wrote:
> On Fri, Jun 19, 2026 at 09:57:58AM +0200, Thorsten Blum wrote:
> > Are you perhaps appending nokaslr?
>
> Yes, removed it. Same thing.
>
> > With the latest Linus tree, defconfig, and CONFIG_MEMORY_HOTREMOVE=y,
> > this crashes reproducibly for me, but only when KASLR is not disabled:
> >
> > qemu-system-x86_64 -nographic -no-reboot -kernel arch/x86/boot/bzImage -append "console=ttyS0 acpi_rsdp=0x0123456789abcdefx"
>
> As said, efistub entry point bypassing get_cmdline_acpi_rsdp():
>
> ...
> -drive if=pflash,format=raw,unit=0,file=/home/boris/kvm/debian/uefi/OVMF_CODE_4M-sid-uefi.fd,readonly=on
> -drive if=pflash,format=raw,unit=1,file=/home/boris/kvm/debian/uefi/OVMF_VARS_4M-sid-uefi.fd,readonly=of
> ...
>
> So I can't reproduce it.

Right, but that is a different setup, which bypasses
get_cmdline_acpi_rsdp() and is not expected to reproduce this bug.

Could you please try the exact direct kernel boot reproducer I provided,
using defconfig and CONFIG_MEMORY_HOTREMOVE=y?

$ qemu-system-x86_64 -nographic -no-reboot -kernel arch/x86/boot/bzImage -append "console=ttyS0 acpi_rsdp=0x0123456789abcdefx"

That path reaches get_cmdline_acpi_rsdp() and should crash during early
boot without the patch. Thanks.