diff options
author | Yong Zhang <yong.zhang@windriver.com> | 2011-08-15 21:54:54 -0400 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2011-09-21 11:53:44 -0400 |
commit | 1eec6cd08b4feb72a73aff468ab72bdd21e1dc61 (patch) | |
tree | 70278d81550236b2dc57ddb52b3fc3380fe0c5d9 /arch | |
parent | b8ecf341f1b7ca7bf3cb80c48cbbae33b79947d0 (diff) |
MIPS: Compat: Use 32-bit wrapper for compat_sys_futex.
We can't trust userspace to pass signed-extend arguments. Not correctly
sign-extended arguments to futex-wait result in architecturally undefined
operation of 32-bit arithmetic instructions.
For example, if 'val' is too big and bit-31 is 1, the caller may enter
endless loop at:
futex_wait_setup()
{
...
if (uval != val) {
queue_unlock(q, *hb);
ret = -EWOULDBLOCK;
...
}
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
To: linux-mips@linux-mips.org
To: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/2714/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/mips/kernel/linux32.c | 7 | ||||
-rw-r--r-- | arch/mips/kernel/scall64-n32.S | 2 | ||||
-rw-r--r-- | arch/mips/kernel/scall64-o32.S | 2 |
3 files changed, 9 insertions, 2 deletions
diff --git a/arch/mips/kernel/linux32.c b/arch/mips/kernel/linux32.c index 876a75cc376f..922a554cd108 100644 --- a/arch/mips/kernel/linux32.c +++ b/arch/mips/kernel/linux32.c | |||
@@ -349,3 +349,10 @@ SYSCALL_DEFINE6(32_fanotify_mark, int, fanotify_fd, unsigned int, flags, | |||
349 | return sys_fanotify_mark(fanotify_fd, flags, merge_64(a3, a4), | 349 | return sys_fanotify_mark(fanotify_fd, flags, merge_64(a3, a4), |
350 | dfd, pathname); | 350 | dfd, pathname); |
351 | } | 351 | } |
352 | |||
353 | SYSCALL_DEFINE6(32_futex, u32 __user *, uaddr, int, op, u32, val, | ||
354 | struct compat_timespec __user *, utime, u32 __user *, uaddr2, | ||
355 | u32, val3) | ||
356 | { | ||
357 | return compat_sys_futex(uaddr, op, val, utime, uaddr2, val3); | ||
358 | } | ||
diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S index f9296e894e46..6de1f598346e 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S | |||
@@ -315,7 +315,7 @@ EXPORT(sysn32_call_table) | |||
315 | PTR sys_fremovexattr | 315 | PTR sys_fremovexattr |
316 | PTR sys_tkill | 316 | PTR sys_tkill |
317 | PTR sys_ni_syscall | 317 | PTR sys_ni_syscall |
318 | PTR compat_sys_futex | 318 | PTR sys_32_futex |
319 | PTR compat_sys_sched_setaffinity /* 6195 */ | 319 | PTR compat_sys_sched_setaffinity /* 6195 */ |
320 | PTR compat_sys_sched_getaffinity | 320 | PTR compat_sys_sched_getaffinity |
321 | PTR sys_cacheflush | 321 | PTR sys_cacheflush |
diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S index 4d7c9827706f..1d813169e453 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S | |||
@@ -441,7 +441,7 @@ sys_call_table: | |||
441 | PTR sys_fremovexattr /* 4235 */ | 441 | PTR sys_fremovexattr /* 4235 */ |
442 | PTR sys_tkill | 442 | PTR sys_tkill |
443 | PTR sys_sendfile64 | 443 | PTR sys_sendfile64 |
444 | PTR compat_sys_futex | 444 | PTR sys_32_futex |
445 | PTR compat_sys_sched_setaffinity | 445 | PTR compat_sys_sched_setaffinity |
446 | PTR compat_sys_sched_getaffinity /* 4240 */ | 446 | PTR compat_sys_sched_getaffinity /* 4240 */ |
447 | PTR compat_sys_io_setup | 447 | PTR compat_sys_io_setup |