
Commit 6add9f7f authored by Peter Oberparleiter, committed by Linus Torvalds

[PATCH] s390: kernel stack corruption



When an asynchronous interruption occurs during the execution of the
'critical section' within the generic interruption handling code (entry.S),
a faulty check for a userspace PSW may result in a corrupted kernel stack
pointer which subsequently triggers a stack overflow check.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 26ff6ad9
+1 −1
@@ -108,7 +108,7 @@ STACK_SIZE = 1 << STACK_SHIFT
	bl	BASED(0f)
	l	%r14,BASED(.Lcleanup_critical)
	basr	%r14,%r14
	tm	0(%r12),0x01		# retest problem state after cleanup
	tm	1(%r12),0x01		# retest problem state after cleanup
	bnz	BASED(1f)
0:	l	%r14,__LC_ASYNC_STACK	# are we already on the async stack ?
	slr	%r14,%r15
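Review bot: the byte offset and mask in `tm 1(%r12),0x01` are bare literals, and the unchanged comment "retest problem state after cleanup" does not say why byte 1 rather than byte 0 is the one to test. Since the wrong byte offset is the whole bug, consider stating in the comment that the problem-state bit is the low-order bit of the second PSW byte, or using a symbolic offset, so the slip is harder to repeat. The word "retest" also implies an earlier test before the cleanup call; it is worth confirming that one uses the same offset.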
+1 −1
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NEED_RESCHED | _TIF_MCCK_PENDING)
	clc	\psworg+8(8),BASED(.Lcritical_start)
	jl	0f
	brasl	%r14,cleanup_critical
	tm	0(%r12),0x01		# retest problem state after cleanup
	tm	1(%r12),0x01		# retest problem state after cleanup
	jnz	1f
0:	lg	%r14,__LC_ASYNC_STACK	# are we already on the async. stack ?
	slgr	%r14,%r15
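Review bot: `tm 1(%r12),0x01` here is a second copy of the same literal offset and mask, and both copies were wrong in the same way before this change. A single shared symbol for the problem-state byte and bit, used by both tests, would keep the two from being miscopied or drifting apart again. The retest also depends on %r12 still addressing the saved PSW once `brasl %r14,cleanup_critical` returns; a short comment saying so would make that assumption visible.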