From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Message-ID: <1512493352.18523.180.camel@codethink.co.uk>
Subject: Re: [PATCH 4.4 02/96] s390/runtime instrumention: fix possible
 memory corruption
From: Ben Hutchings <ben.hutchings@codethink.co.uk>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org,
        Christian Borntraeger <borntraeger@de.ibm.com>,
        Heiko Carstens <heiko.carstens@de.ibm.com>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>
Date: Tue, 05 Dec 2017 17:02:32 +0000
In-Reply-To: <20171128100503.204142514@linuxfoundation.org>
References: <20171128100503.067621614@linuxfoundation.org>
         <20171128100503.204142514@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Tue, 2017-11-28 at 11:22 +0100, Greg Kroah-Hartman wrote:
> 4.4-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Heiko Carstens <heiko.carstens@de.ibm.com>
> 
> commit d6e646ad7cfa7034d280459b2b2546288f247144 upstream.
[...]
> --- a/arch/s390/kernel/runtime_instr.c
> +++ b/arch/s390/kernel/runtime_instr.c
> @@ -47,11 +47,13 @@ void exit_thread_runtime_instr(void)
>  {
>  	struct task_struct *task = current;
>  
> +	preempt_disable();
>  	if (!task->thread.ri_cb)
>  		return;

This return path now leaves preemption disabled.  This seems to have
been fixed upstream by commit 8d9047f8b967 "s390/runtime
instrumentation: simplify task exit handling".

Ben.

>  	disable_runtime_instr();
>  	kfree(task->thread.ri_cb);
>  	task->thread.ri_cb = NULL;
> +	preempt_enable();
>  }
>  
>  SYSCALL_DEFINE1(s390_runtime_instr, int, command)
[...]

-- 
Ben Hutchings
Software Developer, Codethink Ltd.