s390/numa: always use logical cpu and core ids

The toptree algorithm uses the physical core ids to create a mapping
between cores and nodes (to_node_id array within emu_cores structure).
The core ids are used as an index into an array which size depends on
CONFIG_NR_CPUS. If the physical core ids are larger, this will result
in out-of-bounds write accesses.

Generate logical core ids instead to avoid this.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/arch/s390/include/asm/smp.h b/arch/s390/include/asm/smp.h
index 0cc383b9be7fc57051bcd8272687d9880f2b9ccc..8116b7b63af3180067ec2eefe27c3957ccf19aeb 100644 (file)
--- a/arch/s390/include/asm/smp.h
+++ b/arch/s390/include/asm/smp.h
@@ -69,6 +69,12 @@ static inline void smp_stop_cpu(void)
        }
 }
 
+/* Return thread 0 CPU number as base CPU */
+static inline int smp_get_base_cpu(int cpu)
+{
+       return cpu - (cpu % (smp_cpu_mtid + 1));
+}
+
 #ifdef CONFIG_HOTPLUG_CPU
 extern int smp_rescan_cpus(void);
 extern void __noreturn cpu_die(void);

diff --git a/arch/s390/numa/mode_emu.c b/arch/s390/numa/mode_emu.c
index 37e0bb835516f349758dc9f2e4e8e5aeab49b627..b83109328fec32c919d07788c82729941ee350a4 100644 (file)
--- a/arch/s390/numa/mode_emu.c
+++ b/arch/s390/numa/mode_emu.c
@@ -360,7 +360,7 @@ static struct toptree *toptree_from_topology(void)
                drawer = toptree_get_child(node, top->drawer_id);
                book = toptree_get_child(drawer, top->book_id);
                mc = toptree_get_child(book, top->socket_id);
-               core = toptree_get_child(mc, top->core_id);
+               core = toptree_get_child(mc, smp_get_base_cpu(cpu));
                if (!drawer || !book || !mc || !core)
                        panic("NUMA emulation could not allocate memory");
                cpumask_set_cpu(cpu, &core->mask);