io_apic: Don't route to APIC ID > 255

I/O APIC Redirection Table Entries use 8 bits to encode the Destination
ID.  Attempting to route an IRQ to a higher APIC ID would result in it
being silently routed to the value reduced modulo 256, causing a panic
if the IRQ fired since the receiving CPU would not expect that IRQ.

Instead, print a warning and mark the interrupt as invalid, resulting
in it being forcibly masked.

Reviewed by:	kib
Tested on:	EC2 r8i.96xlarge
MFC after:	3 weeks
Sponsored by:	Amazon
Differential Revision:	https://reviews.freebsd.org/D55857
This commit is contained in:
Colin Percival
2026-03-14 05:51:04 +00:00
parent 1d0ccd6156
commit 5809c9a77b
+13 -3
View File
@@ -364,10 +364,20 @@ ioapic_program_intpin(struct ioapic_intsrc *intpin)
/*
* Set the destination. Note that with Intel interrupt remapping,
* the previously reserved bits 55:48 now have a purpose so ensure
* these are zero.
* these are zero. If the CPU number (in fact, APIC ID) is too
* large, mark the interrupt as invalid, and target CPU #0.
*/
low = IOART_DESTPHY;
high = intpin->io_cpu << APIC_ID_SHIFT;
if (intpin->io_cpu <= IOAPIC_MAX_ID) {
low = IOART_DESTPHY;
high = intpin->io_cpu << APIC_ID_SHIFT;
intpin->io_valid = 1;
} else {
printf("%s: unsupported destination APIC ID %u for pin %u\n",
__func__, intpin->io_cpu, intpin->io_intpin);
low = IOART_DESTPHY;
high = 0 << APIC_ID_SHIFT;
intpin->io_valid = 0;
}
/* Program the rest of the low word. */
if (intpin->io_edgetrigger)