Patch "powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 5 Jul 2024 15:36:31 -0400

This is a note to let you know that I've just added the patch titled

    powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-xmon-check-cpu-id-in-commands-c-dp-and-dx.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0f36b478457790169ff04f05243efdde1b745db5
Author: Greg Kurz <groug@xxxxxxxx>
Date:   Tue Mar 9 19:11:10 2021 +0100

    powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
    
    [ Upstream commit 8873aab8646194a4446117bb617cc71bddda2dee ]
    
    All these commands end up peeking into the PACA using the user
    originated cpu id as an index. Check the cpu id is valid in order
    to prevent xmon to crash. Instead of printing an error, this follows
    the same behavior as the "lp s #" command : ignore the buggy cpu id
    parameter and fall back to the #-less version of the command.
    
    Signed-off-by: Greg Kurz <groug@xxxxxxxx>
    Reviewed-by: Cédric Le Goater <clg@xxxxxxxx>
    Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
    Link: https://msgid.link/161531347060.252863.10490063933688958044.stgit@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
index 8b5277c3b1476..4178d5e8b42d9 100644
--- a/arch/powerpc/xmon/xmon.c
+++ b/arch/powerpc/xmon/xmon.c
@@ -1356,7 +1356,7 @@ static int cpu_cmd(void)
 	}
 	termch = cpu;
 
-	if (!scanhex(&cpu)) {
+	if (!scanhex(&cpu) || cpu >= num_possible_cpus()) {
 		/* print cpus waiting or in xmon */
 		printf("cpus stopped:");
 		last_cpu = first_cpu = NR_CPUS;
@@ -2771,7 +2771,7 @@ static void dump_pacas(void)
 
 	termch = c;	/* Put c back, it wasn't 'a' */
 
-	if (scanhex(&num))
+	if (scanhex(&num) && num < num_possible_cpus())
 		dump_one_paca(num);
 	else
 		dump_one_paca(xmon_owner);
@@ -2844,7 +2844,7 @@ static void dump_xives(void)
 
 	termch = c;	/* Put c back, it wasn't 'a' */
 
-	if (scanhex(&num))
+	if (scanhex(&num) && num < num_possible_cpus())
 		dump_one_xive(num);
 	else
 		dump_one_xive(xmon_owner);







