On 3/9/21 7:11 PM, Greg Kurz wrote: > All these commands end up peeking into the PACA using the user originated > cpu id as an index. Check the cpu id is valid in order to prevent xmon to > crash. Instead of printing an error, this follows the same behavior as the > "lp s #" command : ignore the buggy cpu id parameter and fall back to the > #-less version of the command. > > Signed-off-by: Greg Kurz <gr...@kaod.org>
Reviewed-by: Cédric Le Goater <c...@kaod.org> > --- > arch/powerpc/xmon/xmon.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c > index 80fbf8968f77..d3d6e044228e 100644 > --- a/arch/powerpc/xmon/xmon.c > +++ b/arch/powerpc/xmon/xmon.c > @@ -1248,7 +1248,7 @@ static int cpu_cmd(void) > unsigned long cpu, first_cpu, last_cpu; > int timeout; > > - if (!scanhex(&cpu)) { > + if (!scanhex(&cpu) || cpu >= num_possible_cpus()) { > /* print cpus waiting or in xmon */ > printf("cpus stopped:"); > last_cpu = first_cpu = NR_CPUS; > @@ -2678,7 +2678,7 @@ static void dump_pacas(void) > > termch = c; /* Put c back, it wasn't 'a' */ > > - if (scanhex(&num)) > + if (scanhex(&num) && num < num_possible_cpus()) > dump_one_paca(num); > else > dump_one_paca(xmon_owner); > @@ -2751,7 +2751,7 @@ static void dump_xives(void) > > termch = c; /* Put c back, it wasn't 'a' */ > > - if (scanhex(&num)) > + if (scanhex(&num) && num < num_possible_cpus()) > dump_one_xive(num); > else > dump_one_xive(xmon_owner); > >