6.1-stable patches

added patches:
	s390-sclp-fix-sccb-present-check.patch

diff --git a/queue-6.1/s390-sclp-fix-sccb-present-check.patch b/queue-6.1/s390-sclp-fix-sccb-present-check.patch
new file mode 100644 (file)
index 0000000..f45686c
--- /dev/null
+++ b/queue-6.1/s390-sclp-fix-sccb-present-check.patch
@@ -0,0 +1,65 @@
+From 430fa71027b6ac9bb0ce5532b8d0676777d4219a Mon Sep 17 00:00:00 2001
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+Date: Mon, 18 Aug 2025 12:21:52 +0200
+Subject: s390/sclp: Fix SCCB present check
+
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+
+commit 430fa71027b6ac9bb0ce5532b8d0676777d4219a upstream.
+
+Tracing code called by the SCLP interrupt handler contains early exits
+if the SCCB address associated with an interrupt is NULL. This check is
+performed after physical to virtual address translation.
+
+If the kernel identity mapping does not start at address zero, the
+resulting virtual address is never zero, so that the NULL checks won't
+work. Subsequently this may result in incorrect accesses to the first
+page of the identity mapping.
+
+Fix this by introducing a function that handles the NULL case before
+address translation.
+
+Fixes: ada1da31ce34 ("s390/sclp: sort out physical vs virtual pointers usage")
+Cc: stable@vger.kernel.org
+Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
+Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/char/sclp.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/s390/char/sclp.c
++++ b/drivers/s390/char/sclp.c
+@@ -76,6 +76,13 @@ unsigned long sclp_console_full;
+ /* The currently active SCLP command word. */
+ static sclp_cmdw_t active_cmd;
+ 
++static inline struct sccb_header *sclpint_to_sccb(u32 sccb_int)
++{
++      if (sccb_int)
++              return __va(sccb_int);
++      return NULL;
++}
++
+ static inline void sclp_trace(int prio, char *id, u32 a, u64 b, bool err)
+ {
+       struct sclp_trace_entry e;
+@@ -625,7 +632,7 @@ __sclp_find_req(u32 sccb)
+ 
+ static bool ok_response(u32 sccb_int, sclp_cmdw_t cmd)
+ {
+-      struct sccb_header *sccb = (struct sccb_header *)__va(sccb_int);
++      struct sccb_header *sccb = sclpint_to_sccb(sccb_int);
+       struct evbuf_header *evbuf;
+       u16 response;
+ 
+@@ -664,7 +671,7 @@ static void sclp_interrupt_handler(struc
+ 
+       /* INT: Interrupt received (a=intparm, b=cmd) */
+       sclp_trace_sccb(0, "INT", param32, active_cmd, active_cmd,
+-                      (struct sccb_header *)__va(finished_sccb),
++                      sclpint_to_sccb(finished_sccb),
+                       !ok_response(finished_sccb, active_cmd));
+ 
+       if (finished_sccb) {

diff --git a/queue-6.1/series b/queue-6.1/series
index e55b43989bd92f40b0d0845c86a35cc2c4e81b1b..9096b5a92916f6cb59644b2e480ce82ac3e9e56a 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -396,3 +396,4 @@ mmc-sdhci-pci-gli-gl9763e-rename-the-gli_set_gl9763e-for-consistency.patch
 squashfs-fix-memory-leak-in-squashfs_fill_super.patch
 mm-debug_vm_pgtable-clear-page-table-entries-at-destroy_args.patch
 alsa-hda-realtek-add-support-for-hp-elitebook-x360-830-g6-and-elitebook-830-g6.patch
+s390-sclp-fix-sccb-present-check.patch