From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 18 May 2018 09:02:16 +0000 (+0200)
Subject: 4.4-stable patches
X-Git-Tag: v4.16.10~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=462dfac983bae435a09b0dc0274f4e813c7264d2;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
---

diff --git a/queue-4.4/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch b/queue-4.4/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
new file mode 100644
index 00000000000..12453aa2274
--- /dev/null
+++ b/queue-4.4/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
@@ -0,0 +1,41 @@
+From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Thu, 30 Nov 2017 15:35:44 +0100
+Subject: futex: futex_wake_op, fix sign_extend32 sign bits
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.
+
+sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
+have to use "11" for 12th bit, not "12".
+
+This mistake means we have not allowed negative op and cmp args since
+commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
+behaviour") till now.
+
+Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Darren Hart <dvhart@infradead.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1457,8 +1457,8 @@ static int futex_atomic_op_inuser(unsign
+ {
+ 	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
+ 	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
+-	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
+-	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
++	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
++	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
+ 	int oldval, ret;
+ 
+ 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
diff --git a/queue-4.4/series b/queue-4.4/series
index 4e92f3829a0..4944ad98a9a 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -28,3 +28,4 @@ lockd-lost-rollback-of-set_grace_period-in-lockd_down_net.patch
 revert-arm-dts-imx6qdl-wandboard-fix-audio-channel-swap.patch
 l2tp-revert-l2tp-fix-missing-print-session-offset-info.patch
 pipe-cap-initial-pipe-capacity-according-to-pipe-max-size-limit.patch
+futex-futex_wake_op-fix-sign_extend32-sign-bits.patch