--- /dev/null
+From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Thu, 30 Nov 2017 15:35:44 +0100
+Subject: futex: futex_wake_op, fix sign_extend32 sign bits
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.
+
+sign_extend32 counts the sign bit parameter from 0, not from 1. So we
+have to use "11" for 12th bit, not "12".
+
+This mistake means we have not allowed negative op and cmp args since
+commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
+behaviour") till now.
+
+Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Darren Hart <dvhart@infradead.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1462,8 +1462,8 @@ static int futex_atomic_op_inuser(unsign
+ {
+ unsigned int op = (encoded_op & 0x70000000) >> 28;
+ unsigned int cmp = (encoded_op & 0x0f000000) >> 24;
+- int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
+- int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
++ int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
++ int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
+ int oldval, ret;
+
+ if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
projects / thirdparty / kernel / stable-queue.git / commitdiff
