[s390] pfault: fix token handling (Closes: #622570)
svn path=/dists/sid/linux-2.6/; revision=17240
This commit is contained in:
parent
89d022ceb3
commit
109d20165c
|
@ -37,6 +37,7 @@ linux-2.6 (2.6.38-4) UNRELEASED; urgency=low
|
||||||
For the complete list of changes, see:
|
For the complete list of changes, see:
|
||||||
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
|
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
|
||||||
* Add stable 2.6.38.4-rc1
|
* Add stable 2.6.38.4-rc1
|
||||||
|
* [s390] pfault: fix token handling (Closes: #622570)
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 08 Apr 2011 00:59:57 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Fri, 08 Apr 2011 00:59:57 +0100
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,73 @@
|
||||||
|
From: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||||
|
Subject: [S390] pfault: fix token handling
|
||||||
|
Date: Tue, 19 Apr 2011 08:34:01 +0200
|
||||||
|
|
||||||
|
f6649a7e "[S390] cleanup lowcore access from external interrupts" changed
|
||||||
|
handling of external interrupts. Instead of letting the external interrupt
|
||||||
|
handlers accessing the per cpu lowcore the entry code of the kernel reads
|
||||||
|
already all fields that are necessary and passes them to the handlers.
|
||||||
|
The pfault interrupt handler was incorrectly converted. It tries to
|
||||||
|
dereference a value which used to be a pointer to a lowcore field. After
|
||||||
|
the conversion however it is not anymore the pointer to the field but its
|
||||||
|
content. So instead of a dereference only a cast is needed to get the
|
||||||
|
task pointer that caused the pfault.
|
||||||
|
|
||||||
|
Fixes a NULL pointer dereference and a subsequent kernel crash:
|
||||||
|
|
||||||
|
Unable to handle kernel pointer dereference at virtual kernel address (null)
|
||||||
|
Oops: 0004 [#1] SMP
|
||||||
|
Modules linked in: nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc
|
||||||
|
loop qeth_l3 qeth vmur ccwgroup ext3 jbd mbcache dm_mod
|
||||||
|
dasd_eckd_mod dasd_diag_mod dasd_mod
|
||||||
|
CPU: 0 Not tainted 2.6.38-2-s390x #1
|
||||||
|
Process cron (pid: 1106, task: 000000001f962f78, ksp: 000000001fa0f9d0)
|
||||||
|
Krnl PSW : 0404200180000000 000000000002c03e (pfault_interrupt+0xa2/0x138)
|
||||||
|
R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
|
||||||
|
Krnl GPRS: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
|
||||||
|
000000001f962f78 0000000000518968 0000000090000002 000000001ff03280
|
||||||
|
0000000000000000 000000000064f000 000000001f962f78 0000000000002603
|
||||||
|
0000000006002603 0000000000000000 000000001ff7fe68 000000001ff7fe48
|
||||||
|
Krnl Code: 000000000002c036: 5820d010 l %r2,16(%r13)
|
||||||
|
000000000002c03a: 1832 lr %r3,%r2
|
||||||
|
000000000002c03c: 1a31 ar %r3,%r1
|
||||||
|
>000000000002c03e: ba23d010 cs %r2,%r3,16(%r13)
|
||||||
|
000000000002c042: a744fffc brc 4,2c03a
|
||||||
|
000000000002c046: a7290002 lghi %r2,2
|
||||||
|
000000000002c04a: e320d0000024 stg %r2,0(%r13)
|
||||||
|
000000000002c050: 07f0 bcr 15,%r0
|
||||||
|
Call Trace:
|
||||||
|
([<000000001f962f78>] 0x1f962f78)
|
||||||
|
[<000000000001acda>] do_extint+0xf6/0x138
|
||||||
|
[<000000000039b6ca>] ext_no_vtime+0x30/0x34
|
||||||
|
[<000000007d706e04>] 0x7d706e04
|
||||||
|
Last Breaking-Event-Address:
|
||||||
|
[<0000000000000000>] 0x0
|
||||||
|
|
||||||
|
For stable maintainers:
|
||||||
|
the first kernel which contains this bug is 2.6.37.
|
||||||
|
|
||||||
|
Reported-by: Stephen Powell <zlinuxman@wowway.com>
|
||||||
|
Cc: Jonathan Nieder <jrnieder@gmail.com>
|
||||||
|
Cc: stable@kernel.org
|
||||||
|
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
|
||||||
|
---
|
||||||
|
|
||||||
|
arch/s390/mm/fault.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
|
||||||
|
index 9217e33..4cf85fe 100644
|
||||||
|
--- a/arch/s390/mm/fault.c
|
||||||
|
+++ b/arch/s390/mm/fault.c
|
||||||
|
@@ -558,9 +558,9 @@ static void pfault_interrupt(unsigned int ext_int_code,
|
||||||
|
* Get the token (= address of the task structure of the affected task).
|
||||||
|
*/
|
||||||
|
#ifdef CONFIG_64BIT
|
||||||
|
- tsk = *(struct task_struct **) param64;
|
||||||
|
+ tsk = (struct task_struct *) param64;
|
||||||
|
#else
|
||||||
|
- tsk = *(struct task_struct **) param32;
|
||||||
|
+ tsk = (struct task_struct *) param32;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (subcode & 0x0080) {
|
|
@ -13,3 +13,4 @@
|
||||||
- bugfix/sparc/sparc-Fix-.size-directive-for-do_int_load.patch
|
- bugfix/sparc/sparc-Fix-.size-directive-for-do_int_load.patch
|
||||||
+ bugfix/all/stable/2.6.38.4-rc1.patch
|
+ bugfix/all/stable/2.6.38.4-rc1.patch
|
||||||
+ debian/lib-strict_strto-Avoid-ABI-change.patch
|
+ debian/lib-strict_strto-Avoid-ABI-change.patch
|
||||||
|
+ bugfix/s390/S390-pfault-fix-token-handling.patch
|
||||||
|
|
Loading…
Reference in New Issue