release/5.2.22/s390-cio-exclude-subchannels-with-no-parent-from-pse.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From 62f8f9d4ce895e3cc82e572c9b7e76db800f9380 Mon Sep 17 00:00:00 2001
 From: Vasily Gorbik <gor@linux.ibm.com>
 Date: Thu, 19 Sep 2019 15:55:17 +0200
 Subject: [PATCH] s390/cio: exclude subchannels with no parent from pseudo
  check

 commit ab5758848039de9a4b249d46e4ab591197eebaf2 upstream.

 ccw console is created early in start_kernel and used before css is
 initialized or ccw console subchannel is registered. Until then console
 subchannel does not have a parent. For that reason assume subchannels
 with no parent are not pseudo subchannels. This fixes the following
 kasan finding:

 BUG: KASAN: global-out-of-bounds in sch_is_pseudo_sch+0x8e/0x98
 Read of size 8 at addr 00000000000005e8 by task swapper/0/0

 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc8-07370-g6ac43dd12538 #2
 Hardware name: IBM 2964 NC9 702 (z/VM 6.4.0)
 Call Trace:
 ([<000000000012cd76>] show_stack+0x14e/0x1e0)
  [<0000000001f7fb44>] dump_stack+0x1a4/0x1f8
  [<00000000007d7afc>] print_address_description+0x64/0x3c8
  [<00000000007d75f6>] __kasan_report+0x14e/0x180
  [<00000000018a2986>] sch_is_pseudo_sch+0x8e/0x98
  [<000000000189b950>] cio_enable_subchannel+0x1d0/0x510
  [<00000000018cac7c>] ccw_device_recognition+0x12c/0x188
  [<0000000002ceb1a8>] ccw_device_enable_console+0x138/0x340
  [<0000000002cf1cbe>] con3215_init+0x25e/0x300
  [<0000000002c8770a>] console_init+0x68a/0x9b8
  [<0000000002c6a3d6>] start_kernel+0x4fe/0x728
  [<0000000000100070>] startup_continue+0x70/0xd0

 Cc: stable@vger.kernel.org
 Reviewed-by: Sebastian Ott <sebott@linux.ibm.com>
 Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
 index aea502922646..df09ed53ab45 100644
 --- a/drivers/s390/cio/css.c
 +++ b/drivers/s390/cio/css.c
 @@ -1213,6 +1213,8 @@ device_initcall(cio_settle_init);

  int sch_is_pseudo_sch(struct subchannel *sch)
  {
 +	if (!sch->dev.parent)
 +		return 0;
  	return sch == to_css(sch->dev.parent)->pseudo_subchannel;
  }

 --
 2.7.4
	From 62f8f9d4ce895e3cc82e572c9b7e76db800f9380 Mon Sep 17 00:00:00 2001
	From: Vasily Gorbik <gor@linux.ibm.com>
	Date: Thu, 19 Sep 2019 15:55:17 +0200
	Subject: [PATCH] s390/cio: exclude subchannels with no parent from pseudo
	check

	commit ab5758848039de9a4b249d46e4ab591197eebaf2 upstream.

	ccw console is created early in start_kernel and used before css is
	initialized or ccw console subchannel is registered. Until then console
	subchannel does not have a parent. For that reason assume subchannels
	with no parent are not pseudo subchannels. This fixes the following
	kasan finding:

	BUG: KASAN: global-out-of-bounds in sch_is_pseudo_sch+0x8e/0x98
	Read of size 8 at addr 00000000000005e8 by task swapper/0/0

	CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc8-07370-g6ac43dd12538 #2
	Hardware name: IBM 2964 NC9 702 (z/VM 6.4.0)
	Call Trace:
	([<000000000012cd76>] show_stack+0x14e/0x1e0)
	[<0000000001f7fb44>] dump_stack+0x1a4/0x1f8
	[<00000000007d7afc>] print_address_description+0x64/0x3c8
	[<00000000007d75f6>] __kasan_report+0x14e/0x180
	[<00000000018a2986>] sch_is_pseudo_sch+0x8e/0x98
	[<000000000189b950>] cio_enable_subchannel+0x1d0/0x510
	[<00000000018cac7c>] ccw_device_recognition+0x12c/0x188
	[<0000000002ceb1a8>] ccw_device_enable_console+0x138/0x340
	[<0000000002cf1cbe>] con3215_init+0x25e/0x300
	[<0000000002c8770a>] console_init+0x68a/0x9b8
	[<0000000002c6a3d6>] start_kernel+0x4fe/0x728
	[<0000000000100070>] startup_continue+0x70/0xd0

	Cc: stable@vger.kernel.org
	Reviewed-by: Sebastian Ott <sebott@linux.ibm.com>
	Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c
	index aea502922646..df09ed53ab45 100644
	--- a/drivers/s390/cio/css.c
	+++ b/drivers/s390/cio/css.c
	@@ -1213,6 +1213,8 @@ device_initcall(cio_settle_init);

	int sch_is_pseudo_sch(struct subchannel *sch)
	{
	+ if (!sch->dev.parent)
	+ return 0;
	return sch == to_css(sch->dev.parent)->pseudo_subchannel;
	}

	--
	2.7.4