    s390: fix stfle zero padding · 6f477767
    Heiko Carstens authored
    commit 4f18d869ffd056c7858f3d617c71345cf19be008 upstream.
    
    The stfle inline assembly returns the number of double words written
    (condition code 0) or the double words it would have written
    (condition code 3), if the memory array it got as parameter would have
    been large enough.
    
    The current stfle implementation assumes that the array is always
    large enough and clears those parts of the array that have not been
    written to with a subsequent memset call.
    
    If however the array is not large enough memset will get a negative
    length parameter, which means that memset clears memory until it gets
    an exception and the kernel crashes.
    
    To fix this simply limit the maximum length. Move also the inline
    assembly to an extra function to avoid clobbering of register 0, which
    might happen because of the added min_t invocation together with code
    instrumentation.
    
    The bug was introduced with commit 14375bc4 ("[S390] cleanup
    facility list handling") but was rather harmless, since it would only
    write to a rather large array. It became a potential problem with
    commit 3ab121ab ("[S390] kernel: Add z/VM LGR detection"). Since
    then it writes to an array with only four double words, while some
    machines already deliver three double words. As soon as machines have
    a facility bit within the fifth double a crash on IPL would happen.
    
    Fixes: 14375bc4 ("[S390] cleanup facility list handling")
    Cc: <stable@vger.kernel.org> # v2.6.37+
    Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
    Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
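The length calculation described in the commit message, as an added example that is not part of the commit or the kernel source: a user-space C model in which the instruction is simulated. The names `model_stfle`, `pad_len_unclamped` and `stfle_padded` are hypothetical, and the four-double-word array follows the size given in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stfle instruction (hypothetical model, not
 * kernel code): stores at most `size` double words and returns how many the
 * machine provides, even if that is more than fit in the array. */
static int model_stfle(uint64_t *list, int size, int machine_dw)
{
	int n = machine_dw < size ? machine_dw : size;

	for (int i = 0; i < n; i++)
		list[i] = UINT64_MAX;	/* pretend every facility bit is set */
	return machine_dw;
}

/* Padding length computed without a limit: negative when the machine
 * provides more double words than the array holds, and huge once it is
 * converted to memset's size_t length. Only computed here, never used. */
static size_t pad_len_unclamped(int size, int nr)
{
	return (size_t)((long)(size - nr) * 8);
}

/* Padding with the limit applied: the written byte count is capped at the
 * array size, so the length passed to memset can never go below zero. */
static size_t stfle_padded(uint64_t *list, int size, int machine_dw)
{
	size_t total = (size_t)size * 8;
	size_t written = (size_t)model_stfle(list, size, machine_dw) * 8;

	if (written > total)
		written = total;
	memset((char *)list + written, 0, total - written);
	return total - written;		/* bytes cleared */
}

int main(void)
{
	uint64_t list[4];	/* four double words, as in the commit message */

	printf("unclamped length, 5 double words: %zu\n", pad_len_unclamped(4, 5));
	printf("bytes cleared with the limit: %zu\n", stfle_padded(list, 4, 5));
	return 0;
}
```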
Name
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README