Re: [PATCH 4.9 27/33] futex: Remove duplicated code and fix undefined behaviour

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: 2018-05-18 09:02:06
Also in: linux-alpha, linux-arch, linux-arm-kernel, linux-mips, linux-s390, linux-sh, lkml, sparclinux, stable

On Fri, May 18, 2018 at 10:30:24AM +0200, Jiri Slaby wrote:

On 05/18/2018, 10:16 AM, Greg Kroah-Hartman wrote:

quoted

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jiri Slaby <redacted>

commit 30d6e0a4190d37740e9447e4e4815f06992dd8c3 upstream.

...

quoted

--- a/kernel/futex.c
+++ b/kernel/futex.c

@@ -1458,6 +1458,45 @@ out:
 	return ret;
 }
 
+static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr)
+{
+	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
+	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
+	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
+	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);

12 is wrong here – wherever you apply this, you need also a follow-up fix:
commit d70ef22892ed6c066e51e118b225923c9b74af34
Author: Jiri Slaby [off-list ref]
Date:   Thu Nov 30 15:35:44 2017 +0100

    futex: futex_wake_op, fix sign_extend32 sign bits

Thanks for letting me know, I've now queued it up to the needed trees.

greg k-h

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help