linux-stable/drivers
Harald Freudenberger 7c72af16ab s390/ap: Fix crash in AP internal function modify_bitmap()
commit d4f9d5a99a upstream.

A system crash like this

  Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403
  Fault in home space mode while using kernel ASCE.
  AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d
  Oops: 0038 ilc:3 [#1] PREEMPT SMP
  Modules linked in: mlx5_ib ...
  CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8
  Hardware name: IBM 3931 A01 704 (LPAR)
  Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)
  R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
  Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3
  000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0
  000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff
  000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8
  Krnl Code: 0000014b75e7b5fc: a7840047            brc     8,0000014b75e7b68a
  0000014b75e7b600: 18b2                lr      %r11,%r2
  #0000014b75e7b602: a7f4000a            brc     15,0000014b75e7b616
  >0000014b75e7b606: eb22d00000e6        laog    %r2,%r2,0(%r13)
  0000014b75e7b60c: a7680001            lhi     %r6,1
  0000014b75e7b610: 187b                lr      %r7,%r11
  0000014b75e7b612: 84960021            brxh    %r9,%r6,0000014b75e7b654
  0000014b75e7b616: 18e9                lr      %r14,%r9
  Call Trace:
  [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8
  ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)
  [<0000014b75e7b758>] apmask_store+0x68/0x140
  [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8
  [<0000014b75598524>] vfs_write+0x1b4/0x448
  [<0000014b7559894c>] ksys_write+0x74/0x100
  [<0000014b7618a440>] __do_syscall+0x268/0x328
  [<0000014b761a3558>] system_call+0x70/0x98
  INFO: lockdep is turned off.
  Last Breaking-Event-Address:
  [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8
  Kernel panic - not syncing: Fatal exception: panic_on_oops

occurred when /sys/bus/ap/a[pq]mask was updated with a relative mask value
(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.

The fix is simple: use unsigned long values for the internal variables. The
correct checks are already in place in the function but a simple int for
the internal variables was used with the possibility to overflow.

Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-06-16 13:28:52 +02:00
..
accessibility treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 70 2019-05-24 17:36:47 +02:00
acpi ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx 2024-06-16 13:28:49 +02:00
amba amba: bus: fix refcount leak 2023-09-23 10:59:52 +02:00
android binder: fix max_thread type inconsistency 2024-06-16 13:28:48 +02:00
ata ata: pata_legacy: make legacy_exit() work again 2024-06-16 13:28:49 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-23 08:25:06 +01:00
auxdisplay auxdisplay: ht16k33: Fix frame buffer device blanking 2021-11-17 09:48:45 +01:00
base PM: sleep: wakeirq: fix wake irq warning in system suspend 2024-04-13 12:51:25 +02:00
bcma bcma: Fix memory leak for internally-handled cores 2021-09-15 09:47:37 +02:00
block null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() 2024-06-16 13:28:45 +02:00
bluetooth Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 2024-05-02 16:18:36 +02:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-03-26 18:22:15 -04:00
cdrom
char ppdev: Add an error check in register_device 2024-06-16 13:28:43 +02:00
clk clk: Don't hold prepare_lock when calling kref_put() 2024-05-17 11:43:53 +02:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 16:50:13 +00:00
connector connector: remove redundant input callback from cn_dev 2019-07-21 13:31:14 -07:00
counter counter: 104-quad-8: Fix race condition between FLAG and CNTR reads 2023-05-17 11:35:31 +02:00
cpufreq cpufreq: exit() callback is optional 2024-06-16 13:28:34 +02:00
cpuidle cpuidle: dt: Return the correct numbers of parsed idle states 2023-01-18 11:40:53 +01:00
crypto crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-06-16 13:28:51 +02:00
dax dax: make sure inodes are flushed before destroy cache 2022-04-15 14:18:12 +02:00
dca treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 33 2019-05-24 17:27:11 +02:00
devfreq PM / devfreq: Fix leak in devfreq_dev_release() 2023-09-23 10:59:54 +02:00
dio drivers: dio: fix possible memory leak in dio_init() 2023-01-18 11:41:21 +01:00
dma dmaengine: idma64: Add check for dma_set_max_seg_size 2024-06-16 13:28:41 +02:00
dma-buf dma-buf/sw-sync: don't enable IRQ from sync_print_obj() 2024-06-16 13:28:47 +02:00
edac EDAC/thunderx: Fix possible out-of-bounds string access 2024-01-25 14:34:21 -08:00
eisa treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 210 2019-05-30 11:29:53 -07:00
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-06-16 13:28:43 +02:00
firewire firewire: nosy: ensure user_length is taken into account when fetching packet contents 2024-05-17 11:43:54 +02:00
firmware firmware: dmi-id: add a release callback function 2024-06-16 13:28:41 +02:00
fpga
fsi
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:31:20 +02:00
gpio gpio: crystalcove: Use -ENOTSUPP consistently 2024-05-17 11:43:52 +02:00
gpu drm/amdgpu: add error handle to avoid out-of-bounds 2024-06-16 13:28:49 +02:00
greybus greybus: svc: fix an error handling bug in gb_svc_hello() 2022-04-15 14:17:58 +02:00
hid HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors 2024-06-16 13:28:36 +02:00
hsi HSI: omap_ssi_core: Fix error handling in ssi_init() 2023-01-18 11:41:28 +01:00
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 10:18:36 +02:00
hwmon hwmon: (amc6821) add of_match table 2024-04-13 12:51:26 +02:00
hwspinlock
hwtracing intel_th: pci: Add Meteor Lake-S CPU support 2024-06-16 13:28:51 +02:00
i2c i2c: smbus: fix NULL function pointer dereference 2024-05-02 16:18:37 +02:00
i3c i3c: master: cdns: Update maximum prescaler value for i2c clock 2024-02-23 08:25:02 +01:00
ide treewide: Remove uninitialized_var() usage 2023-06-09 10:29:01 +02:00
idle intel_idle: Disable IBRS during long idle 2022-10-07 09:16:55 +02:00
iio iio: pressure: dps310: support negative temperature values 2024-06-16 13:28:42 +02:00
infiniband RDMA/IPoIB: Fix format truncation compilation errors 2024-06-16 13:28:40 +02:00
input Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation 2024-06-16 13:28:43 +02:00
interconnect interconnect: Treat xlate() returning NULL node as an error 2024-01-08 11:29:45 +01:00
iommu iommu/amd: Mark interrupt as managed 2024-03-26 18:22:15 -04:00
ipack ipack: ipoctal: fix module reference leak 2021-10-06 15:42:36 +02:00
irqchip irqchip/alpine-msi: Fix off-by-one in allocation error path 2024-06-16 13:28:34 +02:00
isdn
leds leds: trigger: panic: Don't register panic notifier if creating the trigger failed 2024-02-23 08:25:02 +01:00
lightnvm lightnvm: disable the subsystem 2022-05-09 09:03:20 +02:00
macintosh macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" 2024-06-16 13:28:35 +02:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-07-27 08:37:23 +02:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 16:50:19 +00:00
md md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING 2024-06-16 13:28:50 +02:00
media media: v4l2-core: hold videodev_lock until dev reg, finishes 2024-06-16 13:28:50 +02:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-07-27 08:37:14 +02:00
memstick
message
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:22:21 -04:00
misc VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() 2024-04-13 12:51:40 +02:00
mmc mmc: core: Do not force a retune before RPMB switch 2024-06-16 13:28:48 +02:00
mtd mtd: rawnand: hynix: fixed typo 2024-06-16 13:28:38 +02:00
mux drivers: Introduce device lookup variants by of_node 2019-07-30 13:07:41 +02:00
net wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU 2024-06-16 13:28:50 +02:00
nfc NFC: trf7970a: disable all regulators on removal 2024-05-02 16:18:33 +02:00
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-23 10:59:55 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 10:30:12 +01:00
nvme nvmet: fix ns enable/disable possible hang 2024-06-16 13:28:46 +02:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-13 12:51:26 +02:00
of of: gpio unittest kfree() wrong object 2024-02-23 08:25:15 +01:00
opp
oprofile
parisc parisc: iosapic.c: Fix sparse warnings 2023-10-10 21:46:39 +02:00
parport parport: parport_serial: Add Brainboxes device IDs and geometry 2024-01-25 14:34:21 -08:00
pci PCI/PM: Drain runtime-idle callbacks before driver removal 2024-04-13 12:51:25 +02:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 10:30:14 +01:00
perf perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 2023-09-23 11:00:03 +02:00
phy phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP 2024-02-23 08:25:06 +01:00
pinctrl pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() 2024-05-25 16:17:16 +02:00
platform platform/x86: wmi: Make two functions static 2024-06-16 13:28:39 +02:00
pnp PNP: ACPI: fix fortify warning 2024-02-23 08:24:54 +01:00
power power: rt9455: hide unused rt9455_boost_voltage_values 2024-05-17 11:43:48 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-07-27 08:37:06 +02:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 16:50:16 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 10:30:15 +01:00
rapidio
ras
regulator regulator: core: fix debugfs creation regression 2024-05-17 11:43:55 +02:00
remoteproc remoteproc: st: Call of_node_put() on iteration error 2023-05-17 11:36:01 +02:00
reset reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning 2024-01-25 14:34:20 -08:00
rpmsg rpmsg: virtio: Free driver_override when rpmsg_remove() 2024-02-23 08:24:48 +01:00
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:22:24 -04:00
s390 s390/ap: Fix crash in AP internal function modify_bitmap() 2024-06-16 13:28:52 +02:00
sbus treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
scsi scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() 2024-06-16 13:28:44 +02:00
sfi
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-13 12:51:26 +02:00
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-13 12:51:27 +02:00
soundwire soundwire: cadence: fix invalid PDI offset 2024-06-16 13:28:41 +02:00
spi spi: stm32: Don't warn about spurious interrupts 2024-06-16 13:28:48 +02:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-17 11:35:49 +02:00
ssb treewide: Remove uninitialized_var() usage 2023-06-09 10:29:01 +02:00
staging greybus: arche-ctrl: move device table to its right location 2024-06-16 13:28:42 +02:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-05-17 11:43:51 +02:00
tc
tee
thermal thermal: core: prevent potential string overflow 2023-11-20 10:30:09 +01:00
thunderbolt
tty serial: sh-sci: protect invalidating RXDMA on shutdown 2024-06-16 13:28:43 +02:00
uio uio: Fix use-after-free in uio_open 2024-01-25 14:34:21 -08:00
usb usb: gadget: u_audio: Clear uac pointer when freed. 2024-06-16 13:28:42 +02:00
vfio vfio/platform: Create persistent IRQ handlers 2024-04-13 12:51:34 +02:00
vhost vhost: Add smp_rmb() in vhost_vq_avail_empty() 2024-05-02 16:18:29 +02:00
video fbdev: savage: Handle err return when savagefb_check_var failed 2024-06-16 13:28:50 +02:00
virt vboxguest: Do not use devm for irq 2022-08-25 11:18:33 +02:00
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-06-16 13:28:46 +02:00
visorbus visorbus: fix error return code in visorchipset_init() 2021-07-14 16:53:42 +02:00
vlynq
vme
w1 w1: fix loop in w1_fini() 2023-07-27 08:37:19 +02:00
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:22:24 -04:00
xen xen/events: close evtchn after mapping cleanup 2024-04-13 12:51:29 +02:00
zorro
Kconfig
Makefile