s390: fix floating point register corruption

The critical section cleanup code misses to add the offset of the
thread_struct to the task address.
Therefore, if the critical section code gets executed, it may corrupt
the task struct or restore the contents of the floating point registers
from the wrong memory location.
Fixes d0164ee20d "s390/kernel: remove save_fpu_regs() parameter and use
__LC_CURRENT instead".

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Reviewed-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S
index 247b7aa..09b039d 100644 (file)
--- a/arch/s390/kernel/entry.S
+++ b/arch/s390/kernel/entry.S
@@ -1191,6 +1191,7 @@ cleanup_critical:
        clg     %r9,BASED(.Lcleanup_save_fpu_fpc_end)
        jhe     1f
        lg      %r2,__LC_CURRENT
+       aghi    %r2,__TASK_thread
 0:     # Store floating-point controls
        stfpc   __THREAD_FPU_fpc(%r2)
 1:     # Load register save area and check if VX is active
@@ -1252,6 +1253,7 @@ cleanup_critical:
        clg     %r9,BASED(.Lcleanup_load_fpu_regs_vx_ctl)
        jhe     6f
        lg      %r4,__LC_CURRENT
+       aghi    %r4,__TASK_thread
        lfpc    __THREAD_FPU_fpc(%r4)
        tm      __THREAD_FPU_flags+3(%r4),FPU_USE_VX    # VX-enabled task ?
        lg      %r4,__THREAD_FPU_regs(%r4)      # %r4 <- reg save area