4.4-stable patches

added patches:
	s390-mm-fix-gmap-tlb-flush-issues.patch

diff --git a/queue-4.4/s390-mm-fix-gmap-tlb-flush-issues.patch b/queue-4.4/s390-mm-fix-gmap-tlb-flush-issues.patch
new file mode 100644 (file)
index 0000000..0a6d2d9
--- /dev/null
+++ b/queue-4.4/s390-mm-fix-gmap-tlb-flush-issues.patch
@@ -0,0 +1,64 @@
+From f045402984404ddc11016358411e445192919047 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Date: Thu, 7 Jul 2016 10:44:10 +0200
+Subject: s390/mm: fix gmap tlb flush issues
+
+From: David Hildenbrand <dahi@linux.vnet.ibm.com>
+
+commit f045402984404ddc11016358411e445192919047 upstream.
+
+__tlb_flush_asce() should never be used if multiple asce belong to a mm.
+
+As this function changes mm logic determining if local or global tlb
+flushes will be neded, we might end up flushing only the gmap asce on all
+CPUs and a follow up mm asce flushes will only flush on the local CPU,
+although that asce ran on multiple CPUs.
+
+The missing tlb flushes will provoke strange faults in user space and even
+low address protections in user space, crashing the kernel.
+
+Fixes: 1b948d6caec4 ("s390/mm,tlb: optimize TLB flushing for zEC12")
+Cc: stable@vger.kernel.org # 3.15+
+Reported-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
+Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/include/asm/tlbflush.h |    3 ++-
+ arch/s390/mm/pgtable.c           |    4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+--- a/arch/s390/include/asm/tlbflush.h
++++ b/arch/s390/include/asm/tlbflush.h
+@@ -81,7 +81,8 @@ static inline void __tlb_flush_full(stru
+ }
+ 
+ /*
+- * Flush TLB entries for a specific ASCE on all CPUs.
++ * Flush TLB entries for a specific ASCE on all CPUs. Should never be used
++ * when more than one asce (e.g. gmap) ran on this mm.
+  */
+ static inline void __tlb_flush_asce(struct mm_struct *mm, unsigned long asce)
+ {
+--- a/arch/s390/mm/pgtable.c
++++ b/arch/s390/mm/pgtable.c
+@@ -166,7 +166,7 @@ EXPORT_SYMBOL_GPL(gmap_alloc);
+ static void gmap_flush_tlb(struct gmap *gmap)
+ {
+       if (MACHINE_HAS_IDTE)
+-              __tlb_flush_asce(gmap->mm, gmap->asce);
++              __tlb_flush_idte(gmap->asce);
+       else
+               __tlb_flush_global();
+ }
+@@ -205,7 +205,7 @@ void gmap_free(struct gmap *gmap)
+ 
+       /* Flush tlb. */
+       if (MACHINE_HAS_IDTE)
+-              __tlb_flush_asce(gmap->mm, gmap->asce);
++              __tlb_flush_idte(gmap->asce);
+       else
+               __tlb_flush_global();
+ 

diff --git a/queue-4.4/series b/queue-4.4/series
index ccc7762f387bea5398d0ce018690c3c7e523468f..b91c7da089399609f659244a420c05dadc9bd716 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -92,3 +92,4 @@ acpi-nfit-check-for-the-correct-event-code-in-notifications.patch
 mm-workingset-fix-crash-in-shadow-node-shrinker-caused-by-replace_page_cache_page.patch
 mm-filemap-fix-mapping-nrpages-double-accounting-in-fuse.patch
 using-bug_on-as-an-assert-is-_never_-acceptable.patch
+s390-mm-fix-gmap-tlb-flush-issues.patch