[PATCH] s390: kernel stack corruption

When an asynchronous interruption occurs during the execution of the
'critical section' within the generic interruption handling code (entry.S),
a faulty check for a userspace PSW may result in a corrupted kernel stack
pointer which subsequently triggers a stack overflow check.

Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
index 58fc7fbcb40e17d6150f171125e47bafde4f0591..9b30f4cf32c4736806791f0904231705f1fc9353 100644 (file)
--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -108,7 +108,7 @@ STACK_SIZE  = 1 << STACK_SHIFT
        bl      BASED(0f)
        l       %r14,BASED(.Lcleanup_critical)
        basr    %r14,%r14
-       tm      0(%r12),0x01            # retest problem state after cleanup
+       tm      1(%r12),0x01            # retest problem state after cleanup
        bnz     BASED(1f)
 0:     l       %r14,__LC_ASYNC_STACK   # are we already on the async stack ?
        slr     %r14,%r15

diff --git a/arch/s390/kernel/entry64.S b/arch/s390/kernel/entry64.S
index d0c9ffaa25db7b02c0bb77c76097e2cdceee852c..7b9b4a2ba1d7c3ee58c6b16aba372c278d52addb 100644 (file)
--- a/arch/s390/kernel/entry64.S
+++ b/arch/s390/kernel/entry64.S
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NEED_RESCHED | _TIF_MCCK_PENDING)
        clc     \psworg+8(8),BASED(.Lcritical_start)
        jl      0f
        brasl   %r14,cleanup_critical
-       tm      0(%r12),0x01            # retest problem state after cleanup
+       tm      1(%r12),0x01            # retest problem state after cleanup
        jnz     1f
 0:     lg      %r14,__LC_ASYNC_STACK   # are we already on the async. stack ?
        slgr    %r14,%r15