[PATCH] s390: kernel stack corruption

When an asynchronous interruption occurs during the execution of the 'critical section' within the generic interruption handling code (entry.S), a faulty check for a userspace PSW may result in a corrupted kernel stack pointer which subsequently triggers a stack overflow check. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> 2005-09-16 22:27:42 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-09-17 14:49:59 -0400
commit: 6add9f7f529b124938d14ae9db5a952d1272075a (patch)
tree: 512f82531228094f6c8696296f36304a4a4e7049
parent: 26ff6ad9786abf6f40a6d3cbb89753b4fa50cb00 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
index 58fc7fbcb40e..9b30f4cf32c4 100644
--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -108,7 +108,7 @@ STACK_SIZE  = 1 << STACK_SHIFT
        bl      BASED(0f)
        l       %r14,BASED(.Lcleanup_critical)
        basr    %r14,%r14
-        tm      0(%r12),0x01            # retest problem state after cleanup
+        tm      1(%r12),0x01            # retest problem state after cleanup
        bnz     BASED(1f)
 0:      l       %r14,__LC_ASYNC_STACK   # are we already on the async stack ?
        slr     %r14,%r15
diff --git a/arch/s390/kernel/entry64.S b/arch/s390/kernel/entry64.S
index d0c9ffaa25db..7b9b4a2ba1d7 100644
--- a/arch/s390/kernel/entry64.S
+++ b/arch/s390/kernel/entry64.S
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NEED_RESCHED | _TIF_MCCK_PENDING)
        clc     \psworg+8(8),BASED(.Lcritical_start)
        jl      0f
        brasl   %r14,cleanup_critical
-        tm      0(%r12),0x01            # retest problem state after cleanup
+        tm      1(%r12),0x01            # retest problem state after cleanup
        jnz     1f
 0:      lg      %r14,__LC_ASYNC_STACK   # are we already on the async. stack ?
        slgr    %r14,%r15
author	Peter Oberparleiter <peter.oberparleiter@de.ibm.com>	2005-09-16 22:27:42 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-09-17 14:49:59 -0400
commit	6add9f7f529b124938d14ae9db5a952d1272075a (patch)
tree	512f82531228094f6c8696296f36304a4a4e7049
parent	26ff6ad9786abf6f40a6d3cbb89753b4fa50cb00 (diff)

diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S index 58fc7fbcb40e..9b30f4cf32c4 100644 --- a/arch/s390/kernel/entry.S +++ b/arch/s390/kernel/entry.S
@@ -108,7 +108,7 @@ STACK_SIZE = 1 << STACK_SHIFT
108	bl BASED(0f)	108	bl BASED(0f)
109	l %r14,BASED(.Lcleanup_critical)	109	l %r14,BASED(.Lcleanup_critical)
110	basr %r14,%r14	110	basr %r14,%r14
111	tm 0(%r12),0x01 # retest problem state after cleanup	111	tm 1(%r12),0x01 # retest problem state after cleanup
112	bnz BASED(1f)	112	bnz BASED(1f)
113	0: l %r14,__LC_ASYNC_STACK # are we already on the async stack ?	113	0: l %r14,__LC_ASYNC_STACK # are we already on the async stack ?
114	slr %r14,%r15	114	slr %r14,%r15


diff --git a/arch/s390/kernel/entry64.S b/arch/s390/kernel/entry64.S index d0c9ffaa25db..7b9b4a2ba1d7 100644 --- a/arch/s390/kernel/entry64.S +++ b/arch/s390/kernel/entry64.S
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING \| _TIF_NEED_RESCHED \| _TIF_MCCK_PENDING)
101	clc \psworg+8(8),BASED(.Lcritical_start)	101	clc \psworg+8(8),BASED(.Lcritical_start)
102	jl 0f	102	jl 0f
103	brasl %r14,cleanup_critical	103	brasl %r14,cleanup_critical
104	tm 0(%r12),0x01 # retest problem state after cleanup	104	tm 1(%r12),0x01 # retest problem state after cleanup
105	jnz 1f	105	jnz 1f
106	0: lg %r14,__LC_ASYNC_STACK # are we already on the async. stack ?	106	0: lg %r14,__LC_ASYNC_STACK # are we already on the async. stack ?
107	slgr %r14,%r15	107	slgr %r14,%r15