diff options
| author | Michel Lespinasse <walken@google.com> | 2011-03-10 21:48:51 -0500 |
|---|---|---|
| committer | Thomas Gleixner <tglx@linutronix.de> | 2011-03-11 06:23:08 -0500 |
| commit | 37a9d912b24f96a0591773e6e6c3642991ae5a70 (patch) | |
| tree | 5c4d5b9a52e2c533269e589115afbd25b6c8534b /arch/s390 | |
| parent | 522d7decc0370070448a8c28982c8dfd8970489e (diff) | |
futex: Sanitize cmpxchg_futex_value_locked API
The cmpxchg_futex_value_locked API was funny in that it returned either
the original, user-exposed futex value OR an error code such as -EFAULT.
This was confusing at best, and could be a source of livelocks in places
that retry the cmpxchg_futex_value_locked after trying to fix the issue
by running fault_in_user_writeable().
This change makes the cmpxchg_futex_value_locked API more similar to the
get_futex_value_locked one, returning an error code and updating the
original value through a reference argument.
Signed-off-by: Michel Lespinasse <walken@google.com>
Acked-by: Chris Metcalf <cmetcalf@tilera.com> [tile]
Acked-by: Tony Luck <tony.luck@intel.com> [ia64]
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Michal Simek <monstr@monstr.eu> [microblaze]
Acked-by: David Howells <dhowells@redhat.com> [frv]
Cc: Darren Hart <darren@dvhart.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
LKML-Reference: <20110311024851.GC26122@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'arch/s390')
| -rw-r--r-- | arch/s390/include/asm/futex.h | 4 | ||||
| -rw-r--r-- | arch/s390/include/asm/uaccess.h | 2 | ||||
| -rw-r--r-- | arch/s390/lib/uaccess.h | 4 | ||||
| -rw-r--r-- | arch/s390/lib/uaccess_pt.c | 13 | ||||
| -rw-r--r-- | arch/s390/lib/uaccess_std.c | 6 |
5 files changed, 17 insertions, 12 deletions
diff --git a/arch/s390/include/asm/futex.h b/arch/s390/include/asm/futex.h index 5c5d02de49e9..27ac515ef59c 100644 --- a/arch/s390/include/asm/futex.h +++ b/arch/s390/include/asm/futex.h | |||
| @@ -39,13 +39,13 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr) | |||
| 39 | return ret; | 39 | return ret; |
| 40 | } | 40 | } |
| 41 | 41 | ||
| 42 | static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, | 42 | static inline int futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr, |
| 43 | int oldval, int newval) | 43 | int oldval, int newval) |
| 44 | { | 44 | { |
| 45 | if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int))) | 45 | if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int))) |
| 46 | return -EFAULT; | 46 | return -EFAULT; |
| 47 | 47 | ||
| 48 | return uaccess.futex_atomic_cmpxchg(uaddr, oldval, newval); | 48 | return uaccess.futex_atomic_cmpxchg(uval, uaddr, oldval, newval); |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | #endif /* __KERNEL__ */ | 51 | #endif /* __KERNEL__ */ |
diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h index d6b1ed0ec52b..549adf6a9b8b 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h | |||
| @@ -84,7 +84,7 @@ struct uaccess_ops { | |||
| 84 | size_t (*strnlen_user)(size_t, const char __user *); | 84 | size_t (*strnlen_user)(size_t, const char __user *); |
| 85 | size_t (*strncpy_from_user)(size_t, const char __user *, char *); | 85 | size_t (*strncpy_from_user)(size_t, const char __user *, char *); |
| 86 | int (*futex_atomic_op)(int op, int __user *, int oparg, int *old); | 86 | int (*futex_atomic_op)(int op, int __user *, int oparg, int *old); |
| 87 | int (*futex_atomic_cmpxchg)(int __user *, int old, int new); | 87 | int (*futex_atomic_cmpxchg)(int *, int __user *, int old, int new); |
| 88 | }; | 88 | }; |
| 89 | 89 | ||
| 90 | extern struct uaccess_ops uaccess; | 90 | extern struct uaccess_ops uaccess; |
diff --git a/arch/s390/lib/uaccess.h b/arch/s390/lib/uaccess.h index 126011df14f1..89a80674e44b 100644 --- a/arch/s390/lib/uaccess.h +++ b/arch/s390/lib/uaccess.h | |||
| @@ -12,12 +12,12 @@ extern size_t copy_from_user_std(size_t, const void __user *, void *); | |||
| 12 | extern size_t copy_to_user_std(size_t, void __user *, const void *); | 12 | extern size_t copy_to_user_std(size_t, void __user *, const void *); |
| 13 | extern size_t strnlen_user_std(size_t, const char __user *); | 13 | extern size_t strnlen_user_std(size_t, const char __user *); |
| 14 | extern size_t strncpy_from_user_std(size_t, const char __user *, char *); | 14 | extern size_t strncpy_from_user_std(size_t, const char __user *, char *); |
| 15 | extern int futex_atomic_cmpxchg_std(int __user *, int, int); | 15 | extern int futex_atomic_cmpxchg_std(int *, int __user *, int, int); |
| 16 | extern int futex_atomic_op_std(int, int __user *, int, int *); | 16 | extern int futex_atomic_op_std(int, int __user *, int, int *); |
| 17 | 17 | ||
| 18 | extern size_t copy_from_user_pt(size_t, const void __user *, void *); | 18 | extern size_t copy_from_user_pt(size_t, const void __user *, void *); |
| 19 | extern size_t copy_to_user_pt(size_t, void __user *, const void *); | 19 | extern size_t copy_to_user_pt(size_t, void __user *, const void *); |
| 20 | extern int futex_atomic_op_pt(int, int __user *, int, int *); | 20 | extern int futex_atomic_op_pt(int, int __user *, int, int *); |
| 21 | extern int futex_atomic_cmpxchg_pt(int __user *, int, int); | 21 | extern int futex_atomic_cmpxchg_pt(int *, int __user *, int, int); |
| 22 | 22 | ||
| 23 | #endif /* __ARCH_S390_LIB_UACCESS_H */ | 23 | #endif /* __ARCH_S390_LIB_UACCESS_H */ |
diff --git a/arch/s390/lib/uaccess_pt.c b/arch/s390/lib/uaccess_pt.c index 404f2de296dc..b3cebcd52f5c 100644 --- a/arch/s390/lib/uaccess_pt.c +++ b/arch/s390/lib/uaccess_pt.c | |||
| @@ -354,26 +354,29 @@ int futex_atomic_op_pt(int op, int __user *uaddr, int oparg, int *old) | |||
| 354 | return ret; | 354 | return ret; |
| 355 | } | 355 | } |
| 356 | 356 | ||
| 357 | static int __futex_atomic_cmpxchg_pt(int __user *uaddr, int oldval, int newval) | 357 | static int __futex_atomic_cmpxchg_pt(int *uval, int __user *uaddr, |
| 358 | int oldval, int newval) | ||
| 358 | { | 359 | { |
| 359 | int ret; | 360 | int ret; |
| 360 | 361 | ||
| 361 | asm volatile("0: cs %1,%4,0(%5)\n" | 362 | asm volatile("0: cs %1,%4,0(%5)\n" |
| 362 | "1: lr %0,%1\n" | 363 | "1: la %0,0\n" |
| 363 | "2:\n" | 364 | "2:\n" |
| 364 | EX_TABLE(0b,2b) EX_TABLE(1b,2b) | 365 | EX_TABLE(0b,2b) EX_TABLE(1b,2b) |
| 365 | : "=d" (ret), "+d" (oldval), "=m" (*uaddr) | 366 | : "=d" (ret), "+d" (oldval), "=m" (*uaddr) |
| 366 | : "0" (-EFAULT), "d" (newval), "a" (uaddr), "m" (*uaddr) | 367 | : "0" (-EFAULT), "d" (newval), "a" (uaddr), "m" (*uaddr) |
| 367 | : "cc", "memory" ); | 368 | : "cc", "memory" ); |
| 369 | *uval = oldval; | ||
| 368 | return ret; | 370 | return ret; |
| 369 | } | 371 | } |
| 370 | 372 | ||
| 371 | int futex_atomic_cmpxchg_pt(int __user *uaddr, int oldval, int newval) | 373 | int futex_atomic_cmpxchg_pt(int *uval, int __user *uaddr, |
| 374 | int oldval, int newval) | ||
| 372 | { | 375 | { |
| 373 | int ret; | 376 | int ret; |
| 374 | 377 | ||
| 375 | if (segment_eq(get_fs(), KERNEL_DS)) | 378 | if (segment_eq(get_fs(), KERNEL_DS)) |
| 376 | return __futex_atomic_cmpxchg_pt(uaddr, oldval, newval); | 379 | return __futex_atomic_cmpxchg_pt(uval, uaddr, oldval, newval); |
| 377 | spin_lock(¤t->mm->page_table_lock); | 380 | spin_lock(¤t->mm->page_table_lock); |
| 378 | uaddr = (int __user *) __dat_user_addr((unsigned long) uaddr); | 381 | uaddr = (int __user *) __dat_user_addr((unsigned long) uaddr); |
| 379 | if (!uaddr) { | 382 | if (!uaddr) { |
| @@ -382,7 +385,7 @@ int futex_atomic_cmpxchg_pt(int __user *uaddr, int oldval, int newval) | |||
| 382 | } | 385 | } |
| 383 | get_page(virt_to_page(uaddr)); | 386 | get_page(virt_to_page(uaddr)); |
| 384 | spin_unlock(¤t->mm->page_table_lock); | 387 | spin_unlock(¤t->mm->page_table_lock); |
| 385 | ret = __futex_atomic_cmpxchg_pt(uaddr, oldval, newval); | 388 | ret = __futex_atomic_cmpxchg_pt(uval, uaddr, oldval, newval); |
| 386 | put_page(virt_to_page(uaddr)); | 389 | put_page(virt_to_page(uaddr)); |
| 387 | return ret; | 390 | return ret; |
| 388 | } | 391 | } |
diff --git a/arch/s390/lib/uaccess_std.c b/arch/s390/lib/uaccess_std.c index a6c4f7ed24a4..1d6643c0b95f 100644 --- a/arch/s390/lib/uaccess_std.c +++ b/arch/s390/lib/uaccess_std.c | |||
| @@ -287,19 +287,21 @@ int futex_atomic_op_std(int op, int __user *uaddr, int oparg, int *old) | |||
| 287 | return ret; | 287 | return ret; |
| 288 | } | 288 | } |
| 289 | 289 | ||
| 290 | int futex_atomic_cmpxchg_std(int __user *uaddr, int oldval, int newval) | 290 | int futex_atomic_cmpxchg_std(int *uval, int __user *uaddr, |
| 291 | int oldval, int newval) | ||
| 291 | { | 292 | { |
| 292 | int ret; | 293 | int ret; |
| 293 | 294 | ||
| 294 | asm volatile( | 295 | asm volatile( |
| 295 | " sacf 256\n" | 296 | " sacf 256\n" |
| 296 | "0: cs %1,%4,0(%5)\n" | 297 | "0: cs %1,%4,0(%5)\n" |
| 297 | "1: lr %0,%1\n" | 298 | "1: la %0,0\n" |
| 298 | "2: sacf 0\n" | 299 | "2: sacf 0\n" |
| 299 | EX_TABLE(0b,2b) EX_TABLE(1b,2b) | 300 | EX_TABLE(0b,2b) EX_TABLE(1b,2b) |
| 300 | : "=d" (ret), "+d" (oldval), "=m" (*uaddr) | 301 | : "=d" (ret), "+d" (oldval), "=m" (*uaddr) |
| 301 | : "0" (-EFAULT), "d" (newval), "a" (uaddr), "m" (*uaddr) | 302 | : "0" (-EFAULT), "d" (newval), "a" (uaddr), "m" (*uaddr) |
| 302 | : "cc", "memory" ); | 303 | : "cc", "memory" ); |
| 304 | *uval = oldval; | ||
| 303 | return ret; | 305 | return ret; |
| 304 | } | 306 | } |
| 305 | 307 | ||