summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Oberparleiter <peter.oberparleiter@de.ibm.com>2005-09-16 19:27:42 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-17 11:49:59 -0700
commit6add9f7f529b124938d14ae9db5a952d1272075a (patch)
tree512f82531228094f6c8696296f36304a4a4e7049
parent26ff6ad9786abf6f40a6d3cbb89753b4fa50cb00 (diff)
downloadlwn-6add9f7f529b124938d14ae9db5a952d1272075a.tar.gz
lwn-6add9f7f529b124938d14ae9db5a952d1272075a.zip
[PATCH] s390: kernel stack corruption
When an asynchronous interruption occurs during the execution of the 'critical section' within the generic interruption handling code (entry.S), a faulty check for a userspace PSW may result in a corrupted kernel stack pointer which subsequently triggers a stack overflow check. Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--arch/s390/kernel/entry.S2
-rw-r--r--arch/s390/kernel/entry64.S2
2 files changed, 2 insertions, 2 deletions
diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
index 58fc7fbcb40e..9b30f4cf32c4 100644
--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -108,7 +108,7 @@ STACK_SIZE = 1 << STACK_SHIFT
bl BASED(0f)
l %r14,BASED(.Lcleanup_critical)
basr %r14,%r14
- tm 0(%r12),0x01 # retest problem state after cleanup
+ tm 1(%r12),0x01 # retest problem state after cleanup
bnz BASED(1f)
0: l %r14,__LC_ASYNC_STACK # are we already on the async stack ?
slr %r14,%r15
diff --git a/arch/s390/kernel/entry64.S b/arch/s390/kernel/entry64.S
index d0c9ffaa25db..7b9b4a2ba1d7 100644
--- a/arch/s390/kernel/entry64.S
+++ b/arch/s390/kernel/entry64.S
@@ -101,7 +101,7 @@ _TIF_WORK_INT = (_TIF_SIGPENDING | _TIF_NEED_RESCHED | _TIF_MCCK_PENDING)
clc \psworg+8(8),BASED(.Lcritical_start)
jl 0f
brasl %r14,cleanup_critical
- tm 0(%r12),0x01 # retest problem state after cleanup
+ tm 1(%r12),0x01 # retest problem state after cleanup
jnz 1f
0: lg %r14,__LC_ASYNC_STACK # are we already on the async. stack ?
slgr %r14,%r15