[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.25 / patches.arch / s390-08-09-switch-amode-off.patch

From: Gerald Schaefer <geraldsc@de.ibm.com>
Subject: kernel: Fix user copy functions (pagetable walk) with KERNEL_DS.
References: bnc#466462

Symptom:     Kernel OOPS / system hang on user program core dump on pre z9
             hardware.
Problem:     Passing incorrect addresses to user copy functions is not handled
             correctly when address spaces are switched and KERNEL_DS is set.
Solution:    Verify addresses by handling KERNEL_DS case in the same way as
             USER_DS (pagetable walk). Also disable switch_amode by default
             because pagetable walk has negative performance impact.

Acked-by: John Jolly <jjolly@suse.de>
---
 arch/s390/kernel/setup.c   |    4 ----
 arch/s390/lib/uaccess_pt.c |   32 +++++++-------------------------
 arch/s390/mm/pgtable.c     |    4 ++++
 3 files changed, 11 insertions(+), 29 deletions(-)

Index: linux-sles11/arch/s390/kernel/setup.c
===================================================================
--- linux-sles11.orig/arch/s390/kernel/setup.c
+++ linux-sles11/arch/s390/kernel/setup.c
@@ -285,11 +285,7 @@ static int __init early_parse_mem(char *
 early_param("mem", early_parse_mem);
 
 #ifdef CONFIG_S390_SWITCH_AMODE
-#ifdef CONFIG_PGSTE
-unsigned int switch_amode = 1;
-#else
 unsigned int switch_amode = 0;
-#endif
 EXPORT_SYMBOL_GPL(switch_amode);
 
 static int set_amode_and_uaccess(unsigned long user_amode,
Index: linux-sles11/arch/s390/mm/pgtable.c
===================================================================
--- linux-sles11.orig/arch/s390/mm/pgtable.c
+++ linux-sles11/arch/s390/mm/pgtable.c
@@ -256,6 +256,10 @@ int s390_enable_sie(void)
 	struct task_struct *tsk = current;
 	struct mm_struct *mm, *old_mm;
 
+	/* Do we have switched amode? If no, we cannot do sie */
+	if (!switch_amode)
+		return -EINVAL;
+
 	/* Do we have pgstes? if yes, we are done */
 	if (tsk->mm->context.pgstes)
 		return 0;
Index: linux-sles11/arch/s390/lib/uaccess_pt.c
===================================================================
--- linux-sles11.orig/arch/s390/lib/uaccess_pt.c
+++ linux-sles11/arch/s390/lib/uaccess_pt.c
@@ -43,8 +43,9 @@ static int __handle_fault(struct mm_stru
 	int ret = -EFAULT;
 	int fault;
 
-	if (in_atomic())
+	if (in_atomic() || segment_eq(get_fs(), KERNEL_DS))
 		return ret;
+
 	down_read(&mm->mmap_sem);
 	vma = find_vma(mm, address);
 	if (unlikely(!vma))
@@ -109,6 +110,8 @@ static size_t __user_copy_pt(unsigned lo
 	pte_t *pte;
 	void *from, *to;
 
+	if (segment_eq(get_fs(), KERNEL_DS))
+		mm = &init_mm;
 	done = 0;
 retry:
 	spin_lock(&mm->page_table_lock);
@@ -182,10 +185,6 @@ size_t copy_from_user_pt(size_t n, const
 {
 	size_t rc;
 
-	if (segment_eq(get_fs(), KERNEL_DS)) {
-		memcpy(to, (void __kernel __force *) from, n);
-		return 0;
-	}
 	rc = __user_copy_pt((unsigned long) from, to, n, 0);
 	if (unlikely(rc))
 		memset(to + n - rc, 0, rc);
@@ -194,10 +193,6 @@ size_t copy_from_user_pt(size_t n, const
 
 size_t copy_to_user_pt(size_t n, void __user *to, const void *from)
 {
-	if (segment_eq(get_fs(), KERNEL_DS)) {
-		memcpy((void __kernel __force *) to, from, n);
-		return 0;
-	}
 	return __user_copy_pt((unsigned long) to, (void *) from, n, 1);
 }
 
@@ -205,10 +200,6 @@ static size_t clear_user_pt(size_t n, vo
 {
 	long done, size, ret;
 
-	if (segment_eq(get_fs(), KERNEL_DS)) {
-		memset((void __kernel __force *) to, 0, n);
-		return 0;
-	}
 	done = 0;
 	do {
 		if (n - done > PAGE_SIZE)
@@ -234,7 +225,7 @@ static size_t strnlen_user_pt(size_t cou
 	size_t len_str;
 
 	if (segment_eq(get_fs(), KERNEL_DS))
-		return strnlen((const char __kernel __force *) src, count) + 1;
+		mm = &init_mm;
 	done = 0;
 retry:
 	spin_lock(&mm->page_table_lock);
@@ -276,13 +267,6 @@ static size_t strncpy_from_user_pt(size_
 		return -EFAULT;
 	if (n > count)
 		n = count;
-	if (segment_eq(get_fs(), KERNEL_DS)) {
-		memcpy(dst, (const char __kernel __force *) src, n);
-		if (dst[n-1] == '\0')
-			return n-1;
-		else
-			return n;
-	}
 	if (__user_copy_pt((unsigned long) src, dst, n, 0))
 		return -EFAULT;
 	if (dst[n-1] == '\0')
@@ -302,10 +286,8 @@ static size_t copy_in_user_pt(size_t n,
 	pte_t *pte_from, *pte_to;
 	int write_user;
 
-	if (segment_eq(get_fs(), KERNEL_DS)) {
-		memcpy((void __force *) to, (void __force *) from, n);
-		return 0;
-	}
+	if (segment_eq(get_fs(), KERNEL_DS))
+		mm = &init_mm;
 	done = 0;
 retry:
 	spin_lock(&mm->page_table_lock);
Commit	Line	Data
00e5a55c BS	1	From: Gerald Schaefer <geraldsc@de.ibm.com>
	2	Subject: kernel: Fix user copy functions (pagetable walk) with KERNEL_DS.
	3	References: bnc#466462
	4
	5	Symptom: Kernel OOPS / system hang on user program core dump on pre z9
	6	hardware.
	7	Problem: Passing incorrect addresses to user copy functions is not handled
	8	correctly when address spaces are switched and KERNEL_DS is set.
	9	Solution: Verify addresses by handling KERNEL_DS case in the same way as
	10	USER_DS (pagetable walk). Also disable switch_amode by default
	11	because pagetable walk has negative performance impact.
	12
	13	Acked-by: John Jolly <jjolly@suse.de>
	14	---
	15	arch/s390/kernel/setup.c \| 4 ----
	16	arch/s390/lib/uaccess_pt.c \| 32 +++++++-------------------------
	17	arch/s390/mm/pgtable.c \| 4 ++++
	18	3 files changed, 11 insertions(+), 29 deletions(-)
	19
	20	Index: linux-sles11/arch/s390/kernel/setup.c
	21	===================================================================
	22	--- linux-sles11.orig/arch/s390/kernel/setup.c
	23	+++ linux-sles11/arch/s390/kernel/setup.c
	24	@@ -285,11 +285,7 @@ static int __init early_parse_mem(char *
	25	early_param("mem", early_parse_mem);
	26
	27	#ifdef CONFIG_S390_SWITCH_AMODE
	28	-#ifdef CONFIG_PGSTE
	29	-unsigned int switch_amode = 1;
	30	-#else
	31	unsigned int switch_amode = 0;
	32	-#endif
	33	EXPORT_SYMBOL_GPL(switch_amode);
	34
	35	static int set_amode_and_uaccess(unsigned long user_amode,
	36	Index: linux-sles11/arch/s390/mm/pgtable.c
	37	===================================================================
	38	--- linux-sles11.orig/arch/s390/mm/pgtable.c
	39	+++ linux-sles11/arch/s390/mm/pgtable.c
	40	@@ -256,6 +256,10 @@ int s390_enable_sie(void)
	41	struct task_struct *tsk = current;
	42	struct mm_struct mm, old_mm;
	43
	44	+ /* Do we have switched amode? If no, we cannot do sie */
	45	+ if (!switch_amode)
	46	+ return -EINVAL;
	47	+
	48	/* Do we have pgstes? if yes, we are done */
	49	if (tsk->mm->context.pgstes)
	50	return 0;
	51	Index: linux-sles11/arch/s390/lib/uaccess_pt.c
	52	===================================================================
	53	--- linux-sles11.orig/arch/s390/lib/uaccess_pt.c
	54	+++ linux-sles11/arch/s390/lib/uaccess_pt.c
	55	@@ -43,8 +43,9 @@ static int __handle_fault(struct mm_stru
	56	int ret = -EFAULT;
	57	int fault;
	58
	59	- if (in_atomic())
	60	+ if (in_atomic() \|\| segment_eq(get_fs(), KERNEL_DS))
	61	return ret;
	62	+
	63	down_read(&mm->mmap_sem);
	64	vma = find_vma(mm, address);
65	if (unlikely(!vma))
66	@@ -109,6 +110,8 @@ static size_t __user_copy_pt(unsigned lo
67	pte_t *pte;
68	void from, to;
69
70	+ if (segment_eq(get_fs(), KERNEL_DS))
71	+ mm = &init_mm;
72	done = 0;
73	retry:
74	spin_lock(&mm->page_table_lock);
75	@@ -182,10 +185,6 @@ size_t copy_from_user_pt(size_t n, const
76	{
77	size_t rc;
78
79	- if (segment_eq(get_fs(), KERNEL_DS)) {
80	- memcpy(to, (void __kernel __force *) from, n);
81	- return 0;
82	- }
83	rc = __user_copy_pt((unsigned long) from, to, n, 0);
84	if (unlikely(rc))
85	memset(to + n - rc, 0, rc);
86	@@ -194,10 +193,6 @@ size_t copy_from_user_pt(size_t n, const
87
88	size_t copy_to_user_pt(size_t n, void __user to, const void from)
89	{
90	- if (segment_eq(get_fs(), KERNEL_DS)) {
91	- memcpy((void __kernel __force *) to, from, n);
92	- return 0;
93	- }
94	return __user_copy_pt((unsigned long) to, (void *) from, n, 1);
95	}
96
97	@@ -205,10 +200,6 @@ static size_t clear_user_pt(size_t n, vo
98	{
99	long done, size, ret;
100
101	- if (segment_eq(get_fs(), KERNEL_DS)) {
102	- memset((void __kernel __force *) to, 0, n);
103	- return 0;
104	- }
105	done = 0;
106	do {
107	if (n - done > PAGE_SIZE)
108	@@ -234,7 +225,7 @@ static size_t strnlen_user_pt(size_t cou
109	size_t len_str;
110
111	if (segment_eq(get_fs(), KERNEL_DS))
112	- return strnlen((const char __kernel __force *) src, count) + 1;
113	+ mm = &init_mm;
114	done = 0;
115	retry:
116	spin_lock(&mm->page_table_lock);
117	@@ -276,13 +267,6 @@ static size_t strncpy_from_user_pt(size_
118	return -EFAULT;
119	if (n > count)
120	n = count;
121	- if (segment_eq(get_fs(), KERNEL_DS)) {
122	- memcpy(dst, (const char __kernel __force *) src, n);
123	- if (dst[n-1] == '\0')
124	- return n-1;
125	- else
126	- return n;
127	- }
128	if (__user_copy_pt((unsigned long) src, dst, n, 0))
129	return -EFAULT;
130	if (dst[n-1] == '\0')
131	@@ -302,10 +286,8 @@ static size_t copy_in_user_pt(size_t n,
132	pte_t pte_from, pte_to;
133	int write_user;
134
135	- if (segment_eq(get_fs(), KERNEL_DS)) {
136	- memcpy((void __force ) to, (void __force ) from, n);
137	- return 0;
138	- }
139	+ if (segment_eq(get_fs(), KERNEL_DS))
140	+ mm = &init_mm;
141	done = 0;
142	retry:
143	spin_lock(&mm->page_table_lock);