s390/ptrace: Fix pointer dereferencing in regs_get_kernel_stack_nth()

hcahca · Alexander Gordeev · commit 7f8073cfb04a · 2025-06-17T18:15:25.000+02:00
The recent change which added READ_ONCE_NOCHECK() to read the nth entry from the kernel stack incorrectly dropped dereferencing of the stack pointer in order to read the requested entry. In result the address of the entry is returned instead of its content. Dereference the pointer again to fix this. Reported-by: Will Deacon <will@kernel.org> Closes: https://lore.kernel.org/r/20250612163331.GA13384@willie-the-truck Fixes: d93a855 ("s390/ptrace: Avoid KASAN false positives in regs_get_kernel_stack_nth()") Cc: stable@vger.kernel.org Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
diff --git a/arch/s390/include/asm/ptrace.h b/arch/s390/include/asm/ptrace.h
@@ -265,7 +265,7 @@ static __always_inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *r
 	addr = kernel_stack_pointer(regs) + n * sizeof(long);
 	if (!regs_within_kernel_stack(regs, addr))
 		return 0;
-	return READ_ONCE_NOCHECK(addr);
+	return READ_ONCE_NOCHECK(*(unsigned long *)addr);
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -265,7 +265,7 @@ static __always_inline unsigned long regs_get_kernel_stack_nth(struct pt_regs *r`
`265`	`265`	`addr = kernel_stack_pointer(regs) + n * sizeof(long);`
`266`	`266`	`if (!regs_within_kernel_stack(regs, addr))`
`267`	`267`	`return 0;`
`268`		`- return READ_ONCE_NOCHECK(addr);`
	`268`	`+ return READ_ONCE_NOCHECK((unsigned long )addr);`
`269`	`269`	`}`
`270`	`270`
`271`	`271`	`/**`