Commit 51df97f9 authored Jun 27, 2025 by Linus Torvalds

Merge tag 's390-6.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - Fix incorrectly dropped dereferencing of the stack nth entry
   introduced with a previous KASAN false positive fix

 - Use a proper memdup_array_user() helper to prevent overflow in a
   protected key size calculation

* tag 's390-6.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()
  s390/pkey: Prevent overflow in size calculation for memdup_user()

parents 9c2f9705 7f8073cf

arch/s390/include/asm/ptrace.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -265,7 +265,7 @@ static __always_inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *r
		addr = kernel_stack_pointer(regs) + n * sizeof(long);
		if (!regs_within_kernel_stack(regs, addr))
		return 0;
		return READ_ONCE_NOCHECK(addr);
		return READ_ONCE_NOCHECK((unsigned long )addr);
		}

		/**

drivers/s390/crypto/pkey_api.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -86,7 +86,7 @@ static void _copy_apqns_from_user(void __user uapqns, size_t nr_apqns)
		if (!uapqns \|\| nr_apqns == 0)
		return NULL;

		return memdup_user(uapqns, nr_apqns * sizeof(struct pkey_apqn));
		return memdup_array_user(uapqns, nr_apqns, sizeof(struct pkey_apqn));
		}

		static int pkey_ioctl_genseck(struct pkey_genseck __user *ugs)