[thirdparty/kernel/stable-queue.git] / releases / 4.4.133 / futex-futex_wake_op-fix-sign_extend32-sign-bits.patch

From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jslaby@suse.cz>
Date: Thu, 30 Nov 2017 15:35:44 +0100
Subject: futex: futex_wake_op, fix sign_extend32 sign bits

From: Jiri Slaby <jslaby@suse.cz>

commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.

sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
have to use "11" for 12th bit, not "12".

This mistake means we have not allowed negative op and cmp args since
commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
behaviour") till now.

Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Darren Hart <dvhart@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/futex.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1457,8 +1457,8 @@ static int futex_atomic_op_inuser(unsign
 {
 	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
 	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
-	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
-	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
+	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
+	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
 	int oldval, ret;
 
 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
Commit	Line	Data
462dfac9 GKH	1	From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
	2	From: Jiri Slaby <jslaby@suse.cz>
	3	Date: Thu, 30 Nov 2017 15:35:44 +0100
	4	Subject: futex: futex_wake_op, fix sign_extend32 sign bits
	5
	6	From: Jiri Slaby <jslaby@suse.cz>
	7
	8	commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.
	9
	10	sign_extend32 counts the sign bit parameter from 0, not from 1. So we
	11	have to use "11" for 12th bit, not "12".
	12
	13	This mistake means we have not allowed negative op and cmp args since
	14	commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
	15	behaviour") till now.
	16
	17	Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
	18	Signed-off-by: Jiri Slaby <jslaby@suse.cz>
	19	Cc: Ingo Molnar <mingo@redhat.com>
	20	Cc: Peter Zijlstra <peterz@infradead.org>
	21	Cc: Darren Hart <dvhart@infradead.org>
	22	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	23	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	24
	25	---
	26	kernel/futex.c \| 4 ++--
	27	1 file changed, 2 insertions(+), 2 deletions(-)
	28
	29	--- a/kernel/futex.c
	30	+++ b/kernel/futex.c
	31	@@ -1457,8 +1457,8 @@ static int futex_atomic_op_inuser(unsign
	32	{
	33	unsigned int op = (encoded_op & 0x70000000) >> 28;
	34	unsigned int cmp = (encoded_op & 0x0f000000) >> 24;
	35	- int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
	36	- int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
	37	+ int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
	38	+ int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
	39	int oldval, ret;
	40
	41	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {