On Mon, 04 Sep 2017 12:39:21 +0200 <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > The patch below does not apply to the 4.12-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <stable@xxxxxxxxxxxxxxx>. The patch context looks a bit different in 4.12. Fixed with this version of the patch: -- >From 66aa7812d5bc7a3488d75969067cfdae288c57fe Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky <schwidefsky@xxxxxxxxxx> Date: Thu, 31 Aug 2017 13:18:22 +0200 Subject: [PATCH] s390/mm: fix BUG_ON in crst_table_upgrade commit 8ab867cb0806a8e195de161fd8883a0578d1d050 upstream. A 31-bit compat process can force a BUG_ON in crst_table_upgrade with specific, invalid mmap calls, e.g. mmap((void*) 0x7fff8000, 0x10000, 3, 32, -1, 0) The arch_get_unmapped_area[_topdown] functions miss an if condition in the decision to do a page table upgrade. [ms: Backport to 4.12, minor context change] Fixes: 9b11c7912d00 ("s390/mm: simplify arch_get_unmapped_area[_topdown]") Cc: <stable@xxxxxxxxxxxxxxx> # v4.12+ Signed-off-by: Martin Schwidefsky <schwidefsky@xxxxxxxxxx> --- arch/s390/mm/mmap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c index b854b1da281a..888bee99fe64 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c @@ -119,7 +119,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, return addr; check_asce_limit: - if (addr + len > current->mm->context.asce_limit) { + if (addr + len > current->mm->context.asce_limit && + addr + len <= TASK_SIZE) { rc = crst_table_upgrade(mm); if (rc) return (unsigned long) rc; 
@@ -183,7 +184,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, } check_asce_limit: - if (addr + len > current->mm->context.asce_limit) { + if (addr + len > current->mm->context.asce_limit && + addr + len <= TASK_SIZE) { rc = crst_table_upgrade(mm); if (rc) return (unsigned long) rc; -- 2.13.5
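Review bot: in the arch_get_unmapped_area hunk, the added `addr + len <= TASK_SIZE` clause means a request that extends past TASK_SIZE (the 0x7fff8000 + 0x10000 case from the commit message, in a 31-bit process) no longer reaches crst_table_upgrade and instead falls through to whatever follows the if block, which the hunk does not show; the hunk also does not show where such a request is refused. Either return an error at this point when `addr + len > TASK_SIZE` (cast the same way as the existing `return (unsigned long) rc;`), or put a one-line comment above the check stating that the oversized request is deliberately left for the caller to reject, so the next reader does not mistake the fall-through for a hole. Minor style point: the condition reads `current->mm->context.asce_limit` while the call two lines below passes the local `mm` to crst_table_upgrade(mm); `mm->context.asce_limit` would be consistent and shorter.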
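Review bot: the arch_get_unmapped_area_topdown hunk repeats the identical two-line condition from arch_get_unmapped_area, including the `current->mm->context.asce_limit` spelling beside a crst_table_upgrade(mm) call on the local `mm`. Since both functions have to keep the asce_limit and TASK_SIZE checks in step (the commit message says this fix exists because one condition was missed), consider folding the check and the upgrade into a small static helper, for example `static int check_asce_limit(struct mm_struct *mm, unsigned long addr, unsigned long len)` (name is only a suggestion), called from both `check_asce_limit:` labels, so a later change cannot fix one path and miss the other. The same documentation point applies here: a comment should say what happens to a request with `addr + len > TASK_SIZE` once it skips the upgrade, since the lines after the if block are not in the hunk.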