Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bba2a5b8 authored Sep 01, 2017 by Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:
 "Three more bug fixes for v4.13.

  The two memory management related fixes are quite new, they fix kernel
  crashes that can be triggered by user space.

  The third commit fixes a bug in the vfio ccw translation code"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/mm: fix BUG_ON in crst_table_upgrade
  s390/mm: fork vs. 5 level page tabel
  vfio: ccw: fix bad ptr math for TIC cda translation

parents a1c516a6 0fdd49ad

arch/s390/include/asm/mmu_context.h

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -44,6 +44,11 @@ static inline int init_new_context(struct task_struct *tsk,
	mm->context.asce = __pa(mm->pgd) \| _ASCE_TABLE_LENGTH \|		mm->context.asce = __pa(mm->pgd) \| _ASCE_TABLE_LENGTH \|
	_ASCE_USER_BITS \| _ASCE_TYPE_REGION3;		_ASCE_USER_BITS \| _ASCE_TYPE_REGION3;
	break;		break;
			case -PAGE_SIZE:
			/* forked 5-level task, set new asce with new_mm->pgd */
			mm->context.asce = __pa(mm->pgd) \| _ASCE_TABLE_LENGTH \|
			_ASCE_USER_BITS \| _ASCE_TYPE_REGION1;
			break;
	case 1UL << 53:		case 1UL << 53:
	/* forked 4-level task, set new asce with new mm->pgd */		/* forked 4-level task, set new asce with new mm->pgd */
	mm->context.asce = __pa(mm->pgd) \| _ASCE_TABLE_LENGTH \|		mm->context.asce = __pa(mm->pgd) \| _ASCE_TABLE_LENGTH \|

arch/s390/mm/mmap.c

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -119,7 +119,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
	return addr;		return addr;

	check_asce_limit:		check_asce_limit:
	if (addr + len > current->mm->context.asce_limit) {		if (addr + len > current->mm->context.asce_limit &&
			addr + len <= TASK_SIZE) {
	rc = crst_table_upgrade(mm, addr + len);		rc = crst_table_upgrade(mm, addr + len);
	if (rc)		if (rc)
	return (unsigned long) rc;		return (unsigned long) rc;
	@@ -183,7 +184,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
	}		}

	check_asce_limit:		check_asce_limit:
	if (addr + len > current->mm->context.asce_limit) {		if (addr + len > current->mm->context.asce_limit &&
			addr + len <= TASK_SIZE) {
	rc = crst_table_upgrade(mm, addr + len);		rc = crst_table_upgrade(mm, addr + len);
	if (rc)		if (rc)
	return (unsigned long) rc;		return (unsigned long) rc;

drivers/s390/cio/vfio_ccw_cp.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -481,7 +481,7 @@ static int ccwchain_fetch_tic(struct ccwchain *chain,
	ccw_tail = ccw_head + (iter->ch_len - 1) * sizeof(struct ccw1);		ccw_tail = ccw_head + (iter->ch_len - 1) * sizeof(struct ccw1);

	if ((ccw_head <= ccw->cda) && (ccw->cda <= ccw_tail)) {		if ((ccw_head <= ccw->cda) && (ccw->cda <= ccw_tail)) {
	ccw->cda = (__u32) (addr_t) (iter->ch_ccw +		ccw->cda = (__u32) (addr_t) (((char *)iter->ch_ccw) +
	(ccw->cda - ccw_head));		(ccw->cda - ccw_head));
	return 0;		return 0;
	}		}