[patch] s390: kernel stack corruption.

From: Martin Schwidefsky
Date: Thu Sep 15 2005 - 09:53:27 EST

Hi Andrew,
Peter discoverd another rather critical bug in entry.S.
This should go into 2.6.14 if possible.

blue skies,
Martin.

---

[patch] s390: kernel stack corruption.

From: Peter Oberparleiter <peter.oberparleiter@xxxxxxxxxx>

When an asynchronous interruption occurs during the execution
of the 'critical section' within the generic interruption
handling code (entry.S), a faulty check for a userspace PSW may
result in a corrupted kernel stack pointer which subsequently
triggers a stack overflow check.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@xxxxxxxxxx>
Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx>

diffstat:
arch/s390/kernel/entry.S | 2 +-
arch/s390/kernel/entry64.S | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff -urpN linux-2.6/arch/s390/kernel/entry64.S linux-2.6-patched/arch/s390/kernel/entry64.S
--- linux-2.6/arch/s390/kernel/entry64.S 2005-09-15 15:31:03.000000000 +0200
+++ linux-2.6-patched/arch/s390/kernel/entry64.S 2005-09-15 15:31:26.000000000 +0200
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_
clc \psworg+8(8),BASED(.Lcritical_start)
jl 0f
brasl %r14,cleanup_critical
- tm 0(%r12),0x01 # retest problem state after cleanup
+ tm 1(%r12),0x01 # retest problem state after cleanup
jnz 1f
0: lg %r14,__LC_ASYNC_STACK # are we already on the async. stack ?
slgr %r14,%r15
diff -urpN linux-2.6/arch/s390/kernel/entry.S linux-2.6-patched/arch/s390/kernel/entry.S
--- linux-2.6/arch/s390/kernel/entry.S 2005-09-15 15:31:03.000000000 +0200
+++ linux-2.6-patched/arch/s390/kernel/entry.S 2005-09-15 15:31:26.000000000 +0200
@@ -108,7 +108,7 @@ STACK_SIZE = 1 << STACK_SHIFT
bl BASED(0f)
l %r14,BASED(.Lcleanup_critical)
basr %r14,%r14
- tm 0(%r12),0x01 # retest problem state after cleanup
+ tm 1(%r12),0x01 # retest problem state after cleanup
bnz BASED(1f)
0: l %r14,__LC_ASYNC_STACK # are we already on the async stack ?
slr %r14,%r15
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/