Commit cf6fc5ee authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 's390-6.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 

Pull s390 fixes from Alexander Gordeev:

 - When kernel lockdown is active userspace tools that rely on read
   operations only are unnecessarily blocked. Fix that by avoiding ioctl
   registration during lockdown

 - Invalid NULL pointer accesses succeed due to the lowcore is always
   mapped the identity mapping pinned to zero. To fix that never map the
   first two pages of physical memory with identity mapping

 - Fix invalid SCCB present check in the SCLP interrupt handler

 - Update defconfigs

* tag 's390-6.17-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/hypfs: Enable limited access during lockdown
  s390/hypfs: Avoid unnecessary ioctl registration in debugfs
  s390/mm: Do not map lowcore with identity mapping
  s390/sclp: Fix SCCB present check
  s390/configs: Set HZ=1000
  s390/configs: Update defconfigs
parents b3d80535 3868f910

arch/s390/boot/vmem.c

+3 −0
Original line number Diff line number Diff line
@@ -530,6 +530,9 @@ void setup_vmem(unsigned long kernel_start, unsigned long kernel_end, unsigned l 
			 lowcore_address + sizeof(struct lowcore),

			 POPULATE_LOWCORE);

	for_each_physmem_usable_range(i, &start, &end) {

		/* Do not map lowcore with identity mapping */

		if (!start)

			start = sizeof(struct lowcore);

		pgtable_populate((unsigned long)__identity_va(start),

				 (unsigned long)__identity_va(end),

				 POPULATE_IDENTITY);

arch/s390/configs/debug_defconfig

+16 −17
Original line number Diff line number Diff line
@@ -5,6 +5,7 @@ CONFIG_WATCH_QUEUE=y 
CONFIG_AUDIT=y

CONFIG_NO_HZ_IDLE=y

CONFIG_HIGH_RES_TIMERS=y

CONFIG_POSIX_AUX_CLOCKS=y

CONFIG_BPF_SYSCALL=y

CONFIG_BPF_JIT=y

CONFIG_BPF_JIT_ALWAYS_ON=y
@@ -19,6 +20,7 @@ CONFIG_TASK_XACCT=y 
CONFIG_TASK_IO_ACCOUNTING=y

CONFIG_IKCONFIG=y

CONFIG_IKCONFIG_PROC=y

CONFIG_SCHED_PROXY_EXEC=y

CONFIG_NUMA_BALANCING=y

CONFIG_MEMCG=y

CONFIG_BLK_CGROUP=y
@@ -42,6 +44,7 @@ CONFIG_PROFILING=y 
CONFIG_KEXEC=y

CONFIG_KEXEC_FILE=y

CONFIG_KEXEC_SIG=y

CONFIG_CRASH_DM_CRYPT=y

CONFIG_LIVEPATCH=y

CONFIG_MARCH_Z13=y

CONFIG_NR_CPUS=512
@@ -105,6 +108,7 @@ CONFIG_CMA_AREAS=7 
CONFIG_MEM_SOFT_DIRTY=y

CONFIG_DEFERRED_STRUCT_PAGE_INIT=y

CONFIG_IDLE_PAGE_TRACKING=y

CONFIG_ZONE_DEVICE=y

CONFIG_PERCPU_STATS=y

CONFIG_GUP_TEST=y

CONFIG_ANON_VMA_NAME=y
@@ -223,17 +227,19 @@ CONFIG_NETFILTER_XT_TARGET_CONNMARK=m 
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m

CONFIG_NETFILTER_XT_TARGET_CT=m

CONFIG_NETFILTER_XT_TARGET_DSCP=m

CONFIG_NETFILTER_XT_TARGET_HL=m

CONFIG_NETFILTER_XT_TARGET_HMARK=m

CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m

CONFIG_NETFILTER_XT_TARGET_LOG=m

CONFIG_NETFILTER_XT_TARGET_MARK=m

CONFIG_NETFILTER_XT_NAT=m

CONFIG_NETFILTER_XT_TARGET_NETMAP=m

CONFIG_NETFILTER_XT_TARGET_NFLOG=m

CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m

CONFIG_NETFILTER_XT_TARGET_REDIRECT=m

CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m

CONFIG_NETFILTER_XT_TARGET_TEE=m

CONFIG_NETFILTER_XT_TARGET_TPROXY=m

CONFIG_NETFILTER_XT_TARGET_TRACE=m

CONFIG_NETFILTER_XT_TARGET_SECMARK=m

CONFIG_NETFILTER_XT_TARGET_TCPMSS=m

CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
@@ -248,6 +254,7 @@ CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m 
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

CONFIG_NETFILTER_XT_MATCH_CPU=m

CONFIG_NETFILTER_XT_MATCH_DCCP=m

CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m

CONFIG_NETFILTER_XT_MATCH_DSCP=m

CONFIG_NETFILTER_XT_MATCH_ESP=m
@@ -318,16 +325,8 @@ CONFIG_IP_NF_MATCH_AH=m 
CONFIG_IP_NF_MATCH_ECN=m

CONFIG_IP_NF_MATCH_RPFILTER=m

CONFIG_IP_NF_MATCH_TTL=m

CONFIG_IP_NF_FILTER=m

CONFIG_IP_NF_TARGET_REJECT=m

CONFIG_IP_NF_NAT=m

CONFIG_IP_NF_TARGET_MASQUERADE=m

CONFIG_IP_NF_MANGLE=m

CONFIG_IP_NF_TARGET_ECN=m

CONFIG_IP_NF_TARGET_TTL=m

CONFIG_IP_NF_RAW=m

CONFIG_IP_NF_SECURITY=m

CONFIG_IP_NF_ARPFILTER=m

CONFIG_IP_NF_ARP_MANGLE=m

CONFIG_NFT_FIB_IPV6=m

CONFIG_IP6_NF_IPTABLES=m
@@ -340,15 +339,9 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m 
CONFIG_IP6_NF_MATCH_MH=m

CONFIG_IP6_NF_MATCH_RPFILTER=m

CONFIG_IP6_NF_MATCH_RT=m

CONFIG_IP6_NF_TARGET_HL=m

CONFIG_IP6_NF_FILTER=m

CONFIG_IP6_NF_TARGET_REJECT=m

CONFIG_IP6_NF_MANGLE=m

CONFIG_IP6_NF_RAW=m

CONFIG_IP6_NF_SECURITY=m

CONFIG_IP6_NF_NAT=m

CONFIG_IP6_NF_TARGET_MASQUERADE=m

CONFIG_NF_TABLES_BRIDGE=m

CONFIG_IP_SCTP=m

CONFIG_RDS=m

CONFIG_RDS_RDMA=m

CONFIG_RDS_TCP=m
@@ -383,6 +376,7 @@ CONFIG_NET_SCH_FQ_CODEL=m 
CONFIG_NET_SCH_INGRESS=m

CONFIG_NET_SCH_PLUG=m

CONFIG_NET_SCH_ETS=m

CONFIG_NET_SCH_DUALPI2=m

CONFIG_NET_CLS_BASIC=m

CONFIG_NET_CLS_ROUTE4=m

CONFIG_NET_CLS_FW=m
@@ -504,6 +498,7 @@ CONFIG_DM_VDO=m 
CONFIG_NETDEVICES=y

CONFIG_BONDING=m

CONFIG_DUMMY=m

CONFIG_OVPN=m

CONFIG_EQUALIZER=m

CONFIG_IFB=m

CONFIG_MACVLAN=m
@@ -641,6 +636,7 @@ CONFIG_VP_VDPA=m 
CONFIG_VHOST_NET=m

CONFIG_VHOST_VSOCK=m

CONFIG_VHOST_VDPA=m

CONFIG_DEV_DAX=m

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y
@@ -665,6 +661,7 @@ CONFIG_NILFS2_FS=m 
CONFIG_BCACHEFS_FS=y

CONFIG_BCACHEFS_QUOTA=y

CONFIG_BCACHEFS_POSIX_ACL=y

CONFIG_FS_DAX=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FS_VERITY=y
@@ -755,6 +752,8 @@ CONFIG_HARDENED_USERCOPY=y 
CONFIG_BUG_ON_DATA_CORRUPTION=y

CONFIG_CRYPTO_USER=m

CONFIG_CRYPTO_SELFTESTS=y

CONFIG_CRYPTO_SELFTESTS_FULL=y

CONFIG_CRYPTO_NULL=y

CONFIG_CRYPTO_PCRYPT=m

CONFIG_CRYPTO_CRYPTD=m

CONFIG_CRYPTO_BENCHMARK=m
@@ -783,7 +782,6 @@ CONFIG_CRYPTO_HCTR2=m 
CONFIG_CRYPTO_LRW=m

CONFIG_CRYPTO_PCBC=m

CONFIG_CRYPTO_AEGIS128=m

CONFIG_CRYPTO_CHACHA20POLY1305=m

CONFIG_CRYPTO_GCM=y

CONFIG_CRYPTO_SEQIV=y

CONFIG_CRYPTO_MD4=m
@@ -822,6 +820,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING=y 
CONFIG_CRYPTO_KRB5=m

CONFIG_CRYPTO_KRB5_SELFTESTS=y

CONFIG_CORDIC=m

CONFIG_TRACE_MMIO_ACCESS=y

CONFIG_RANDOM32_SELFTEST=y

CONFIG_XZ_DEC_MICROLZMA=y

CONFIG_DMA_CMA=y

arch/s390/configs/defconfig

+15 −19
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ CONFIG_WATCH_QUEUE=y 
CONFIG_AUDIT=y

CONFIG_NO_HZ_IDLE=y

CONFIG_HIGH_RES_TIMERS=y

CONFIG_POSIX_AUX_CLOCKS=y

CONFIG_BPF_SYSCALL=y

CONFIG_BPF_JIT=y

CONFIG_BPF_JIT_ALWAYS_ON=y
@@ -17,6 +18,7 @@ CONFIG_TASK_XACCT=y 
CONFIG_TASK_IO_ACCOUNTING=y

CONFIG_IKCONFIG=y

CONFIG_IKCONFIG_PROC=y

CONFIG_SCHED_PROXY_EXEC=y

CONFIG_NUMA_BALANCING=y

CONFIG_MEMCG=y

CONFIG_BLK_CGROUP=y
@@ -40,11 +42,12 @@ CONFIG_PROFILING=y 
CONFIG_KEXEC=y

CONFIG_KEXEC_FILE=y

CONFIG_KEXEC_SIG=y

CONFIG_CRASH_DM_CRYPT=y

CONFIG_LIVEPATCH=y

CONFIG_MARCH_Z13=y

CONFIG_NR_CPUS=512

CONFIG_NUMA=y

CONFIG_HZ_100=y

CONFIG_HZ_1000=y

CONFIG_CERT_STORE=y

CONFIG_EXPOLINE=y

CONFIG_EXPOLINE_AUTO=y
@@ -97,6 +100,7 @@ CONFIG_CMA_AREAS=7 
CONFIG_MEM_SOFT_DIRTY=y

CONFIG_DEFERRED_STRUCT_PAGE_INIT=y

CONFIG_IDLE_PAGE_TRACKING=y

CONFIG_ZONE_DEVICE=y

CONFIG_PERCPU_STATS=y

CONFIG_ANON_VMA_NAME=y

CONFIG_USERFAULTFD=y
@@ -214,17 +218,19 @@ CONFIG_NETFILTER_XT_TARGET_CONNMARK=m 
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m

CONFIG_NETFILTER_XT_TARGET_CT=m

CONFIG_NETFILTER_XT_TARGET_DSCP=m

CONFIG_NETFILTER_XT_TARGET_HL=m

CONFIG_NETFILTER_XT_TARGET_HMARK=m

CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m

CONFIG_NETFILTER_XT_TARGET_LOG=m

CONFIG_NETFILTER_XT_TARGET_MARK=m

CONFIG_NETFILTER_XT_NAT=m

CONFIG_NETFILTER_XT_TARGET_NETMAP=m

CONFIG_NETFILTER_XT_TARGET_NFLOG=m

CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m

CONFIG_NETFILTER_XT_TARGET_REDIRECT=m

CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m

CONFIG_NETFILTER_XT_TARGET_TEE=m

CONFIG_NETFILTER_XT_TARGET_TPROXY=m

CONFIG_NETFILTER_XT_TARGET_TRACE=m

CONFIG_NETFILTER_XT_TARGET_SECMARK=m

CONFIG_NETFILTER_XT_TARGET_TCPMSS=m

CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
@@ -239,6 +245,7 @@ CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m 
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

CONFIG_NETFILTER_XT_MATCH_CPU=m

CONFIG_NETFILTER_XT_MATCH_DCCP=m

CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m

CONFIG_NETFILTER_XT_MATCH_DSCP=m

CONFIG_NETFILTER_XT_MATCH_ESP=m
@@ -309,16 +316,8 @@ CONFIG_IP_NF_MATCH_AH=m 
CONFIG_IP_NF_MATCH_ECN=m

CONFIG_IP_NF_MATCH_RPFILTER=m

CONFIG_IP_NF_MATCH_TTL=m

CONFIG_IP_NF_FILTER=m

CONFIG_IP_NF_TARGET_REJECT=m

CONFIG_IP_NF_NAT=m

CONFIG_IP_NF_TARGET_MASQUERADE=m

CONFIG_IP_NF_MANGLE=m

CONFIG_IP_NF_TARGET_ECN=m

CONFIG_IP_NF_TARGET_TTL=m

CONFIG_IP_NF_RAW=m

CONFIG_IP_NF_SECURITY=m

CONFIG_IP_NF_ARPFILTER=m

CONFIG_IP_NF_ARP_MANGLE=m

CONFIG_NFT_FIB_IPV6=m

CONFIG_IP6_NF_IPTABLES=m
@@ -331,15 +330,9 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m 
CONFIG_IP6_NF_MATCH_MH=m

CONFIG_IP6_NF_MATCH_RPFILTER=m

CONFIG_IP6_NF_MATCH_RT=m

CONFIG_IP6_NF_TARGET_HL=m

CONFIG_IP6_NF_FILTER=m

CONFIG_IP6_NF_TARGET_REJECT=m

CONFIG_IP6_NF_MANGLE=m

CONFIG_IP6_NF_RAW=m

CONFIG_IP6_NF_SECURITY=m

CONFIG_IP6_NF_NAT=m

CONFIG_IP6_NF_TARGET_MASQUERADE=m

CONFIG_NF_TABLES_BRIDGE=m

CONFIG_IP_SCTP=m

CONFIG_RDS=m

CONFIG_RDS_RDMA=m

CONFIG_RDS_TCP=m
@@ -373,6 +366,7 @@ CONFIG_NET_SCH_FQ_CODEL=m 
CONFIG_NET_SCH_INGRESS=m

CONFIG_NET_SCH_PLUG=m

CONFIG_NET_SCH_ETS=m

CONFIG_NET_SCH_DUALPI2=m

CONFIG_NET_CLS_BASIC=m

CONFIG_NET_CLS_ROUTE4=m

CONFIG_NET_CLS_FW=m
@@ -494,6 +488,7 @@ CONFIG_DM_VDO=m 
CONFIG_NETDEVICES=y

CONFIG_BONDING=m

CONFIG_DUMMY=m

CONFIG_OVPN=m

CONFIG_EQUALIZER=m

CONFIG_IFB=m

CONFIG_MACVLAN=m
@@ -631,6 +626,7 @@ CONFIG_VP_VDPA=m 
CONFIG_VHOST_NET=m

CONFIG_VHOST_VSOCK=m

CONFIG_VHOST_VDPA=m

CONFIG_DEV_DAX=m

CONFIG_EXT4_FS=y

CONFIG_EXT4_FS_POSIX_ACL=y

CONFIG_EXT4_FS_SECURITY=y
@@ -652,6 +648,7 @@ CONFIG_NILFS2_FS=m 
CONFIG_BCACHEFS_FS=m

CONFIG_BCACHEFS_QUOTA=y

CONFIG_BCACHEFS_POSIX_ACL=y

CONFIG_FS_DAX=y

CONFIG_EXPORTFS_BLOCK_OPS=y

CONFIG_FS_ENCRYPTION=y

CONFIG_FS_VERITY=y
@@ -683,7 +680,6 @@ CONFIG_TMPFS_POSIX_ACL=y 
CONFIG_TMPFS_INODE64=y

CONFIG_TMPFS_QUOTA=y

CONFIG_HUGETLBFS=y

CONFIG_CONFIGFS_FS=m

CONFIG_ECRYPT_FS=m

CONFIG_CRAMFS=m

CONFIG_SQUASHFS=m
@@ -741,6 +737,7 @@ CONFIG_BUG_ON_DATA_CORRUPTION=y 
CONFIG_CRYPTO_FIPS=y

CONFIG_CRYPTO_USER=m

CONFIG_CRYPTO_SELFTESTS=y

CONFIG_CRYPTO_NULL=y

CONFIG_CRYPTO_PCRYPT=m

CONFIG_CRYPTO_CRYPTD=m

CONFIG_CRYPTO_BENCHMARK=m
@@ -769,7 +766,6 @@ CONFIG_CRYPTO_HCTR2=m 
CONFIG_CRYPTO_LRW=m

CONFIG_CRYPTO_PCBC=m

CONFIG_CRYPTO_AEGIS128=m

CONFIG_CRYPTO_CHACHA20POLY1305=m

CONFIG_CRYPTO_GCM=y

CONFIG_CRYPTO_SEQIV=y

CONFIG_CRYPTO_MD4=m

arch/s390/configs/zfcpdump_defconfig

+2 −1
Original line number Diff line number Diff line 
CONFIG_NO_HZ_IDLE=y

CONFIG_HIGH_RES_TIMERS=y

CONFIG_POSIX_AUX_CLOCKS=y

CONFIG_BPF_SYSCALL=y

# CONFIG_CPU_ISOLATION is not set

# CONFIG_UTS_NS is not set
@@ -11,7 +12,7 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y 
CONFIG_KEXEC=y

CONFIG_MARCH_Z13=y

CONFIG_NR_CPUS=2

CONFIG_HZ_100=y

CONFIG_HZ_1000=y

# CONFIG_CHSC_SCH is not set

# CONFIG_SCM_BUS is not set

# CONFIG_AP is not set

arch/s390/hypfs/hypfs_dbfs.c

+12 −7
Original line number Diff line number Diff line
@@ -6,6 +6,7 @@ 
 * Author(s): Michael Holzheu <holzheu@linux.vnet.ibm.com>

 */



#include <linux/security.h>

#include <linux/slab.h>

#include "hypfs.h"
@@ -66,23 +67,27 @@ static long dbfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 
	long rc;



	mutex_lock(&df->lock);

	if (df->unlocked_ioctl)

	rc = df->unlocked_ioctl(file, cmd, arg);

	else

		rc = -ENOTTY;

	mutex_unlock(&df->lock);

	return rc;

}



static const struct file_operations dbfs_ops = {

static const struct file_operations dbfs_ops_ioctl = {

	.read		= dbfs_read,

	.unlocked_ioctl = dbfs_ioctl,

};



static const struct file_operations dbfs_ops = {

	.read		= dbfs_read,

};



void hypfs_dbfs_create_file(struct hypfs_dbfs_file *df)

{

	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df,

					 &dbfs_ops);

	const struct file_operations *fops = &dbfs_ops;



	if (df->unlocked_ioctl && !security_locked_down(LOCKDOWN_DEBUGFS))

		fops = &dbfs_ops_ioctl;

	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df, fops);

	mutex_init(&df->lock);

}