* FAILED: patch "[PATCH] s390/ptrace: Fix pointer dereferencing in" failed to apply to 6.15-stable tree
@ 2025-06-29 12:41 gregkh
2025-06-30 8:23 ` [PATCH 6.15.y] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Heiko Carstens
0 siblings, 1 reply; 3+ messages in thread
From: gregkh @ 2025-06-29 12:41 UTC (permalink / raw)
To: hca, agordeev, will; +Cc: stable
The patch below does not apply to the 6.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y
git checkout FETCH_HEAD
git cherry-pick -x 7f8073cfb04a97842fe891ca50dad60afd1e3121
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2025062928-revival-saint-3ba2@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 7f8073cfb04a97842fe891ca50dad60afd1e3121 Mon Sep 17 00:00:00 2001
From: Heiko Carstens <hca@linux.ibm.com>
Date: Fri, 13 Jun 2025 17:53:04 +0200
Subject: [PATCH] s390/ptrace: Fix pointer dereferencing in
regs_get_kernel_stack_nth()
The recent change which added READ_ONCE_NOCHECK() to read the nth entry
from the kernel stack incorrectly dropped dereferencing of the stack
pointer in order to read the requested entry.
In result the address of the entry is returned instead of its content.
Dereference the pointer again to fix this.
Reported-by: Will Deacon <will@kernel.org>
Closes: https://lore.kernel.org/r/20250612163331.GA13384@willie-the-truck
Fixes: d93a855c31b7 ("s390/ptrace: Avoid KASAN false positives in regs_get_kernel_stack_nth()")
Cc: stable@vger.kernel.org
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
diff --git a/arch/s390/include/asm/ptrace.h b/arch/s390/include/asm/ptrace.h
index 62c0ab4a4b9d..0905fa99a31e 100644
--- a/arch/s390/include/asm/ptrace.h
+++ b/arch/s390/include/asm/ptrace.h
@@ -265,7 +265,7 @@ static __always_inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *r
addr = kernel_stack_pointer(regs) + n * sizeof(long);
if (!regs_within_kernel_stack(regs, addr))
return 0;
- return READ_ONCE_NOCHECK(addr);
+ return READ_ONCE_NOCHECK(*(unsigned long *)addr);
}
/**
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH 6.15.y] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()
2025-06-29 12:41 FAILED: patch "[PATCH] s390/ptrace: Fix pointer dereferencing in" failed to apply to 6.15-stable tree gregkh
@ 2025-06-30 8:23 ` Heiko Carstens
2025-07-01 1:15 ` Sasha Levin
0 siblings, 1 reply; 3+ messages in thread
From: Heiko Carstens @ 2025-06-30 8:23 UTC (permalink / raw)
To: stable; +Cc: Heiko Carstens, Will Deacon, Alexander Gordeev
The recent change which added READ_ONCE_NOCHECK() to read the nth entry
from the kernel stack incorrectly dropped dereferencing of the stack
pointer in order to read the requested entry.
In result the address of the entry is returned instead of its content.
Dereference the pointer again to fix this.
Reported-by: Will Deacon <will@kernel.org>
Closes: https://lore.kernel.org/r/20250612163331.GA13384@willie-the-truck
Fixes: d93a855c31b7 ("s390/ptrace: Avoid KASAN false positives in regs_get_kernel_stack_nth()")
Cc: stable@vger.kernel.org
Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
(cherry picked from commit 7f8073cfb04a97842fe891ca50dad60afd1e3121)
---
arch/s390/kernel/ptrace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 34b8d9e745df..1b8bc1720d60 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -1574,5 +1574,5 @@ unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, unsigned int n)
addr = kernel_stack_pointer(regs) + n * sizeof(long);
if (!regs_within_kernel_stack(regs, addr))
return 0;
- return READ_ONCE_NOCHECK(addr);
+ return READ_ONCE_NOCHECK(*(unsigned long *)addr);
}
--
2.48.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH 6.15.y] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()
2025-06-30 8:23 ` [PATCH 6.15.y] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Heiko Carstens
@ 2025-07-01 1:15 ` Sasha Levin
0 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2025-07-01 1:15 UTC (permalink / raw)
To: stable, hca; +Cc: Sasha Levin
[ Sasha's backport helper bot ]
Hi,
Summary of potential issues:
⚠️ Found matching upstream commit but patch is missing proper reference to it
Found matching upstream commit: 7f8073cfb04a97842fe891ca50dad60afd1e3121
Note: The patch differs from the upstream commit:
---
1: 7f8073cfb04a9 < -: ------------- s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()
-: ------------- > 1: 18f3ce7cfe6bf s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.15.y | Success | Success |
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-07-01 1:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-29 12:41 FAILED: patch "[PATCH] s390/ptrace: Fix pointer dereferencing in" failed to apply to 6.15-stable tree gregkh
2025-06-30 8:23 ` [PATCH 6.15.y] s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth() Heiko Carstens
2025-07-01 1:15 ` Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox