| Message ID | 161531347060.252863.10490063933688958044.stgit@bahia.lan (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/apply_patch | success | Successfully applied on branch powerpc/merge (91966823812efbd175f904599e5cf2a854b39809) |
| snowpatch_ozlabs/build-ppc64le | success | Build succeeded |
| snowpatch_ozlabs/build-ppc64be | success | Build succeeded |
| snowpatch_ozlabs/build-ppc64e | success | Build succeeded |
| snowpatch_ozlabs/build-pmac32 | success | Build succeeded |
| snowpatch_ozlabs/checkpatch | warning | total: 0 errors, 1 warnings, 0 checks, 24 lines checked |
| snowpatch_ozlabs/needsstable | success | Patch has no Fixes tags |
On 3/9/21 7:11 PM, Greg Kurz wrote: > All these commands end up peeking into the PACA using the user originated > cpu id as an index. Check the cpu id is valid in order to prevent xmon to > crash. Instead of printing an error, this follows the same behavior as the > "lp s #" command : ignore the buggy cpu id parameter and fall back to the > #-less version of the command. > > Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> > --- > arch/powerpc/xmon/xmon.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c > index 80fbf8968f77..d3d6e044228e 100644 > --- a/arch/powerpc/xmon/xmon.c > +++ b/arch/powerpc/xmon/xmon.c > @@ -1248,7 +1248,7 @@ static int cpu_cmd(void) > unsigned long cpu, first_cpu, last_cpu; > int timeout; > > - if (!scanhex(&cpu)) { > + if (!scanhex(&cpu) || cpu >= num_possible_cpus()) { > /* print cpus waiting or in xmon */ > printf("cpus stopped:"); > last_cpu = first_cpu = NR_CPUS; > @@ -2678,7 +2678,7 @@ static void dump_pacas(void) > > termch = c; /* Put c back, it wasn't 'a' */ > > - if (scanhex(&num)) > + if (scanhex(&num) && num < num_possible_cpus()) > dump_one_paca(num); > else > dump_one_paca(xmon_owner); > @@ -2751,7 +2751,7 @@ static void dump_xives(void) > > termch = c; /* Put c back, it wasn't 'a' */ > > - if (scanhex(&num)) > + if (scanhex(&num) && num < num_possible_cpus()) > dump_one_xive(num); > else > dump_one_xive(xmon_owner); > >
diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c index 80fbf8968f77..d3d6e044228e 100644 --- a/arch/powerpc/xmon/xmon.c +++ b/arch/powerpc/xmon/xmon.c @@ -1248,7 +1248,7 @@ static int cpu_cmd(void) unsigned long cpu, first_cpu, last_cpu; int timeout; - if (!scanhex(&cpu)) { + if (!scanhex(&cpu) || cpu >= num_possible_cpus()) { /* print cpus waiting or in xmon */ printf("cpus stopped:"); last_cpu = first_cpu = NR_CPUS; @@ -2678,7 +2678,7 @@ static void dump_pacas(void) termch = c; /* Put c back, it wasn't 'a' */ - if (scanhex(&num)) + if (scanhex(&num) && num < num_possible_cpus()) dump_one_paca(num); else dump_one_paca(xmon_owner); @@ -2751,7 +2751,7 @@ static void dump_xives(void) termch = c; /* Put c back, it wasn't 'a' */ - if (scanhex(&num)) + if (scanhex(&num) && num < num_possible_cpus()) dump_one_xive(num); else dump_one_xive(xmon_owner);
All these commands end up peeking into the PACA using the user originated cpu id as an index. Check the cpu id is valid in order to prevent xmon to crash. Instead of printing an error, this follows the same behavior as the "lp s #" command : ignore the buggy cpu id parameter and fall back to the #-less version of the command. Signed-off-by: Greg Kurz <groug@kaod.org> --- arch/powerpc/xmon/xmon.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)