From: Martin Schwidefsky
Cc: stable@vger.kernel.org
Date: Tue, 5 Sep 2017 10:18:42 +0200
Subject: Re: FAILED: patch "[PATCH] s390/mm: fix BUG_ON in crst_table_upgrade" failed to apply to 4.12-stable tree
In-Reply-To: <150452156151241@kroah.com>
References: <150452156151241@kroah.com>
Message-Id: <20170905101842.194c2a49@mschwideX1>

On Mon, 04 Sep 2017 12:39:21 +0200 wrote:

> The patch below does not apply to the 4.12-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to .

The patch context looks a bit different in 4.12. Fixed with this version of the patch:

--
From 66aa7812d5bc7a3488d75969067cfdae288c57fe Mon Sep 17 00:00:00 2001
From: Martin Schwidefsky Date: Thu, 31 Aug 2017 13:18:22 +0200 Subject: [PATCH] s390/mm: fix BUG_ON in crst_table_upgrade commit 8ab867cb0806a8e195de161fd8883a0578d1d050 upstream. A 31-bit compat process can force a BUG_ON in crst_table_upgrade with specific, invalid mmap calls, e.g. mmap((void*) 0x7fff8000, 0x10000, 3, 32, -1, 0) The arch_get_unmapped_area[_topdown] functions miss an if condition in the decision to do a page table upgrade. [ms: Backport to 4.12, minor context change] Fixes: 9b11c7912d00 ("s390/mm: simplify arch_get_unmapped_area[_topdown]") Cc: # v4.12+ Signed-off-by: Martin Schwidefsky --- arch/s390/mm/mmap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c index b854b1da281a..888bee99fe64 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c @@ -119,7 +119,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, return addr; check_asce_limit: - if (addr + len > current->mm->context.asce_limit) { + if (addr + len > current->mm->context.asce_limit && + addr + len <= TASK_SIZE) { rc = crst_table_upgrade(mm); if (rc) return (unsigned long) rc; @@ -183,7 +184,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, } check_asce_limit: - if (addr + len > current->mm->context.asce_limit) { + if (addr + len > current->mm->context.asce_limit && + addr + len <= TASK_SIZE) { rc = crst_table_upgrade(mm); if (rc) return (unsigned long) rc; -- 2.13.5
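Review bot: the new `addr + len <= TASK_SIZE` guard in the first hunk (check_asce_limit in arch_get_unmapped_area) carries no comment, so a reader of the code has to dig up this commit message to learn that it exists to keep a 31-bit compat caller whose range ends above its TASK_SIZE from forcing a crst_table_upgrade() and tripping the BUG_ON; a one-line comment above the condition would make that intent local to the code. Minor style point in the same hunk: the condition reads `current->mm->context.asce_limit` while the call two lines below passes the local `mm`, so `mm->context.asce_limit` would keep the block consistent.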
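Review bot: the second hunk (check_asce_limit in arch_get_unmapped_area_topdown) repeats the first hunk's condition verbatim, `addr + len > current->mm->context.asce_limit && addr + len <= TASK_SIZE`, which is a maintenance risk if one copy is ever adjusted without the other; a small static helper shared by both functions would keep the two paths in step. In both hunks `addr + len` is computed without an overflow check in the visible lines; if the mmap callers already reject ranges that wrap past the end of the address space, a comment saying so would help, since otherwise a wrapped sum could satisfy the `<= TASK_SIZE` test and skip the upgrade.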