From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 2 Jul 2025 08:49:53 +0000 (+0200)
Subject: 6.6-stable patches
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9461ec42eaca28e88c1742e6e830bd5d25f7bf7e;p=thirdparty%2Fkernel%2Fstable-queue.git

6.6-stable patches

added patches:
	s390-entry-fix-last-breaking-event-handling-in-case-of-stack-corruption.patch
---

diff --git a/queue-6.6/s390-entry-fix-last-breaking-event-handling-in-case-of-stack-corruption.patch b/queue-6.6/s390-entry-fix-last-breaking-event-handling-in-case-of-stack-corruption.patch
new file mode 100644
index 0000000000..ac28fbfdb6
--- /dev/null
+++ b/queue-6.6/s390-entry-fix-last-breaking-event-handling-in-case-of-stack-corruption.patch
@@ -0,0 +1,37 @@
+From ae952eea6f4a7e2193f8721a5366049946e012e7 Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <hca@linux.ibm.com>
+Date: Thu, 24 Apr 2025 17:07:01 +0200
+Subject: s390/entry: Fix last breaking event handling in case of stack corruption
+
+From: Heiko Carstens <hca@linux.ibm.com>
+
+commit ae952eea6f4a7e2193f8721a5366049946e012e7 upstream.
+
+In case of stack corruption stack_invalid() is called and the expectation
+is that register r10 contains the last breaking event address. This
+dependency is quite subtle and broke a couple of years ago without that
+anybody noticed.
+
+Fix this by getting rid of the dependency and read the last breaking event
+address from lowcore.
+
+Fixes: 56e62a737028 ("s390: convert to generic entry")
+Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
+Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/kernel/entry.S |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/kernel/entry.S
++++ b/arch/s390/kernel/entry.S
+@@ -639,7 +639,7 @@ SYM_CODE_START(stack_overflow)
+ 	stmg	%r0,%r7,__PT_R0(%r11)
+ 	stmg	%r8,%r9,__PT_PSW(%r11)
+ 	mvc	__PT_R8(64,%r11),0(%r14)
+-	stg	%r10,__PT_ORIG_GPR2(%r11) # store last break to orig_gpr2
++	mvc	__PT_ORIG_GPR2(8,%r11),__LC_PGM_LAST_BREAK
+ 	xc	__SF_BACKCHAIN(8,%r15),__SF_BACKCHAIN(%r15)
+ 	lgr	%r2,%r11		# pass pointer to pt_regs
+ 	jg	kernel_stack_overflow
diff --git a/queue-6.6/series b/queue-6.6/series
index d5fb9fb161..5d1e3de795 100644
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -139,3 +139,4 @@ ksmbd-remove-unsafe_memcpy-use-in-session-setup.patch
 scripts-clean-up-ia-64-code.patch
 kbuild-rpm-pkg-simplify-installkernel-post.patch
 media-uvcvideo-rollback-non-processed-entities-on-error.patch
+s390-entry-fix-last-breaking-event-handling-in-case-of-stack-corruption.patch