projects
/
platform
/
kernel
/
linux-rpi.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
8b92c4f
)
reboot: fix overflow parsing reboot cpu number
author
Matteo Croce
<mcroce@microsoft.com>
Sat, 14 Nov 2020 06:52:07 +0000
(22:52 -0800)
committer
Linus Torvalds
<torvalds@linux-foundation.org>
Sat, 14 Nov 2020 19:26:03 +0000
(11:26 -0800)
Limit the CPU number to num_possible_cpus(), because setting it to a
value lower than INT_MAX but higher than NR_CPUS produces the following
error on reboot and shutdown:
BUG: unable to handle page fault for address:
ffffffff90ab1bb0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD
1c09067
P4D
1c09067
PUD
1c0a063
PMD 0
Oops: 0000 [#1] SMP
CPU: 1 PID: 1 Comm: systemd-shutdow Not tainted 5.9.0-rc8-kvm #110
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
RIP: 0010:migrate_to_reboot_cpu+0xe/0x60
Code: ea ea 00 48 89 fa 48 c7 c7 30 57 f1 81 e9 fa ef ff ff 66 2e 0f 1f 84 00 00 00 00 00 53 8b 1d d5 ea ea 00 e8 14 33 fe ff 89 da <48> 0f a3 15 ea fc bd 00 48 89 d0 73 29 89 c2 c1 e8 06 65 48 8b 3c
RSP: 0018:
ffffc90000013e08
EFLAGS:
00010246
RAX:
ffff88801f0a0000
RBX:
0000000077359400
RCX:
0000000000000000
RDX:
0000000077359400
RSI:
0000000000000002
RDI:
ffffffff81c199e0
RBP:
ffffffff81c1e3c0
R08:
ffff88801f41f000
R09:
ffffffff81c1e348
R10:
0000000000000000
R11:
0000000000000000
R12:
0000000000000000
R13:
00007f32bedf8830
R14:
00000000fee1dead
R15:
0000000000000000
FS:
00007f32bedf8980
(0000) GS:
ffff88801f480000
(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
ffffffff90ab1bb0
CR3:
000000001d057000
CR4:
00000000000006a0
DR0:
0000000000000000
DR1:
0000000000000000
DR2:
0000000000000000
DR3:
0000000000000000
DR6:
00000000fffe0ff0
DR7:
0000000000000400
Call Trace:
__do_sys_reboot.cold+0x34/0x5b
do_syscall_64+0x2d/0x40
Fixes: 1b3a5d02ee07 ("reboot: move arch/x86 reboot= handling to generic kernel")
Signed-off-by: Matteo Croce <mcroce@microsoft.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Fabian Frederick <fabf@skynet.be>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Robin Holt <robinmholt@gmail.com>
Cc: <stable@vger.kernel.org>
Link:
https://lkml.kernel.org/r/20201103214025.116799-3-mcroce@linux.microsoft.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/reboot.c
patch
|
blob
|
history
diff --git
a/kernel/reboot.c
b/kernel/reboot.c
index 8fbba433725edeeee38365626ca13ad395c7f00d..af6f23d8bea164f6929453bec3d9cc1fa7f92007 100644
(file)
--- a/
kernel/reboot.c
+++ b/
kernel/reboot.c
@@
-558,6
+558,13
@@
static int __init reboot_setup(char *str)
reboot_cpu = simple_strtoul(str+3, NULL, 0);
else
*mode = REBOOT_SOFT;
+ if (reboot_cpu >= num_possible_cpus()) {
+ pr_err("Ignoring the CPU number in reboot= option. "
+ "CPU %d exceeds possible cpu number %d\n",
+ reboot_cpu, num_possible_cpus());
+ reboot_cpu = 0;
+ break;
+ }
break;
case 'g':