tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:
"Three more bug fixes for v4.13.

The two memory management related fixes are quite new, they fix kernel
crashes that can be triggered by user space.

The third commit fixes a bug in the vfio ccw translation code"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/mm: fix BUG_ON in crst_table_upgrade
s390/mm: fork vs. 5 level page tabel
vfio: ccw: fix bad ptr math for TIC cda translation

Linus Torvalds bba2a5b8 a1c516a6

+10 -3
+5
arch/s390/include/asm/mmu_context.h
··· 44 44 mm->context.asce = __pa(mm->pgd) | _ASCE_TABLE_LENGTH | 45 45 _ASCE_USER_BITS | _ASCE_TYPE_REGION3; 46 46 break; 47 + case -PAGE_SIZE: 48 + /* forked 5-level task, set new asce with new_mm->pgd */ 49 + mm->context.asce = __pa(mm->pgd) | _ASCE_TABLE_LENGTH | 50 + _ASCE_USER_BITS | _ASCE_TYPE_REGION1; 51 + break; 47 52 case 1UL << 53: 48 53 /* forked 4-level task, set new asce with new mm->pgd */ 49 54 mm->context.asce = __pa(mm->pgd) | _ASCE_TABLE_LENGTH |
+4 -2
arch/s390/mm/mmap.c
··· 119 119 return addr; 120 120 121 121 check_asce_limit: 122 - if (addr + len > current->mm->context.asce_limit) { 122 + if (addr + len > current->mm->context.asce_limit && 123 + addr + len <= TASK_SIZE) { 123 124 rc = crst_table_upgrade(mm, addr + len); 124 125 if (rc) 125 126 return (unsigned long) rc; ··· 184 183 } 185 184 186 185 check_asce_limit: 187 - if (addr + len > current->mm->context.asce_limit) { 186 + if (addr + len > current->mm->context.asce_limit && 187 + addr + len <= TASK_SIZE) { 188 188 rc = crst_table_upgrade(mm, addr + len); 189 189 if (rc) 190 190 return (unsigned long) rc;
+1 -1
drivers/s390/cio/vfio_ccw_cp.c
··· 481 481 ccw_tail = ccw_head + (iter->ch_len - 1) * sizeof(struct ccw1); 482 482 483 483 if ((ccw_head <= ccw->cda) && (ccw->cda <= ccw_tail)) { 484 - ccw->cda = (__u32) (addr_t) (iter->ch_ccw + 484 + ccw->cda = (__u32) (addr_t) (((char *)iter->ch_ccw) + 485 485 (ccw->cda - ccw_head)); 486 486 return 0; 487 487 }