Linux Kernel x86/APIC: Improper Handling of x2APIC Mode on Resume from Sleep State

A vulnerability in the Linux kernel's x86 APIC handling can lead to system hangs when resuming from sleep states S2 or S3. During this process, the firmware may re-enable x2APIC mode, which could have been disabled by the kernel at boot for compatibility reasons. This mismatch causes the kernel to use the xAPIC interface while the hardware is in x2APIC mode, leading to hangs. The issue occurs on a default configuration, bare metal systems, and has been addressed by modifying the lapic_resume() function to disable x2APIC when the kernel expects it to be off.

Impact

The vulnerability can cause system hangs, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this issue, boot a system with the Linux kernel that supports x2APIC. Ensure that the kernel disables x2APIC during boot, then put the system to sleep using s2ram. Upon waking the system, the firmware may re-enable x2APIC, causing a mismatch with the kernel's expectations and leading to a hang.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version of the stable kernel to address this issue.