From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, "Martin Schwidefsky" <schwidefsky@de.ibm.com>
Subject: [PATCH 3.2 18/18] s390: fix kernel crash due to linkage stack instructions
Date: Mon, 07 Apr 2014 00:35:48 +0100
Message-ID: <lsq.1396827348.584142523@decadent.org.uk>
In-Reply-To: <lsq.1396827347.462803115@decadent.org.uk>

3.2.57-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Martin Schwidefsky <schwidefsky@de.ibm.com>

commit 8d7f6690cedb83456edd41c9bd583783f0703bf0 upstream.

The kernel currently crashes with a low-address-protection exception
if a user space process executes an instruction that tries to use the
linkage stack. Set the base-ASTE origin and the subspace-ASTE origin
of the dispatchable-unit-control-table to point to a dummy ASTE.
Set up control register 15 to point to an empty linkage stack with no
room left.

A user space process with a linkage stack instruction will still crash
but with a different exception which is correctly translated to a
segmentation fault instead of a kernel oops.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
 arch/s390/kernel/head64.S | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/arch/s390/kernel/head64.S
+++ b/arch/s390/kernel/head64.S
@@ -61,7 +61,7 @@ ENTRY(startup_continue)
 	.quad	0			# cr12: tracing off
 	.quad	0			# cr13: home space segment table
 	.quad	0xc0000000		# cr14: machine check handling off
-	.quad	0			# cr15: linkage stack operations
+	.quad	.Llinkage_stack		# cr15: linkage stack operations
 .Lpcmsk:.quad	0x0000000180000000
 .L4malign:.quad 0xffffffffffc00000
 .Lscan2g:.quad	0x80000000 + 0x20000 - 8	# 2GB + 128K - 8
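Review bot: the comment on the changed cr15 line is left as "linkage stack operations" and does not say what the register now holds. The entry now loads the address of .Llinkage_stack, so the comment could state that it points at an empty linkage stack with no room left, as the commit message describes, so that a reader of this control register table does not have to follow the label to learn that the stack is deliberately unusable.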
@@ -69,12 +69,15 @@ ENTRY(startup_continue)
 .Lparmaddr:
 	.quad	PARMAREA
 	.align	64
-.Lduct: .long	0,0,0,0,.Lduald,0,0,0
+.Lduct: .long	0,.Laste,.Laste,0,.Lduald,0,0,0
 	.long	0,0,0,0,0,0,0,0
+.Laste:	.quad	0,0xffffffffffffffff,0,0,0,0,0,0
 	.align	128
 .Lduald:.rept	8
 	.long	0x80000000,0,0,0	# invalid access-list entries
 	.endr
+.Llinkage_stack:
+	.long	0,0,0x89000000,0,0,0,0x8a000000,0
 
 ENTRY(_ehead)
 
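Review bot: the new data lines for .Laste and .Llinkage_stack carry no comments, unlike the neighbouring .Lduald entries ("# invalid access-list entries"). The constants 0xffffffffffffffff, 0x89000000 and 0x8a000000 are not self-explanatory; a short comment on each line saying that .Laste is the dummy ASTE and that the .Llinkage_stack words form an empty stack with no room left would tie them to the commit message. Separately, neither label has an .align of its own: .Laste is aligned only because it follows .align 64 plus the 64 bytes of .Lduct, and .Llinkage_stack only because it follows .align 128 plus the 128 bytes of the .rept block. An explicit .align before each would preserve that alignment if the preceding tables ever change size.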

