From d0af08c4ba3e400049d246d72401ce36d3bee98a Mon Sep 17 00:00:00 2001
From: John Baldwin <jhb@FreeBSD.org>
Date: Sat, 9 Sep 2023 12:13:57 -0700
Subject: [PATCH] gic_acpi: Limit the number of CPUs to GIC_MAXCPU

madt_table_data contains an array of pointers for each CPU and was
allocated on the stack.  If MAXCPU is raised to a sufficiently large
value this can overflow the kernel stack.  Cap the stack growth by
using GIC_MAXCPU instead as for other parts of the gicv1/v2 driver in
commit a0e20c0ded1a.

Suggested by:	andrew
Reviewed by:	andrew, emaste
Obtained from:	CheriBSD
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D41800
---
 sys/arm/arm/gic_acpi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/arm/arm/gic_acpi.c b/sys/arm/arm/gic_acpi.c
index e18bc12faf4..56ff78f9b68 100644
--- a/sys/arm/arm/gic_acpi.c
+++ b/sys/arm/arm/gic_acpi.c
@@ -84,7 +84,7 @@ EARLY_DRIVER_MODULE(gic, acpi, gic_acpi_driver, 0, 0,
 struct madt_table_data {
 	device_t parent;
 	ACPI_MADT_GENERIC_DISTRIBUTOR *dist;
-	ACPI_MADT_GENERIC_INTERRUPT *intr[MAXCPU];
+	ACPI_MADT_GENERIC_INTERRUPT *intr[GIC_MAXCPU];
 };
 
 static void
@@ -107,7 +107,7 @@ madt_handler(ACPI_SUBTABLE_HEADER *entry, void *arg)
 		break;
 	case ACPI_MADT_TYPE_GENERIC_INTERRUPT:
 		intr = (ACPI_MADT_GENERIC_INTERRUPT *)entry;
-		if (intr->CpuInterfaceNumber < MAXCPU)
+		if (intr->CpuInterfaceNumber < GIC_MAXCPU)
 			madt_data->intr[intr->CpuInterfaceNumber] = intr;
 		break;
 	}
@@ -151,7 +151,7 @@ gic_acpi_identify(driver_t *driver, device_t parent)
 	}
 
 	intr = NULL;
-	for (i = 0; i < MAXCPU; i++) {
+	for (i = 0; i < GIC_MAXCPU; i++) {
 		if (madt_data.intr[i] != NULL) {
 			if (intr == NULL) {
 				intr = madt_data.intr[i];