From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 18 May 2018 09:02:33 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.16.10~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f26e96c0ef4169de2ccac63dfda30d7a99cd3c2b;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
---

diff --git a/queue-4.9/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch b/queue-4.9/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
new file mode 100644
index 00000000000..c9b2d943350
--- /dev/null
+++ b/queue-4.9/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
@@ -0,0 +1,41 @@
+From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jslaby@suse.cz>
+Date: Thu, 30 Nov 2017 15:35:44 +0100
+Subject: futex: futex_wake_op, fix sign_extend32 sign bits
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.
+
+sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
+have to use "11" for 12th bit, not "12".
+
+This mistake means we have not allowed negative op and cmp args since
+commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
+behaviour") till now.
+
+Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Darren Hart <dvhart@infradead.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1462,8 +1462,8 @@ static int futex_atomic_op_inuser(unsign
+ {
+ 	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
+ 	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
+-	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
+-	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
++	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
++	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
+ 	int oldval, ret;
+ 
+ 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
diff --git a/queue-4.9/series b/queue-4.9/series
index addf151a965..d662466a9e3 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -31,3 +31,4 @@ revert-arm-dts-imx6qdl-wandboard-fix-audio-channel-swap.patch
 l2tp-revert-l2tp-fix-missing-print-session-offset-info.patch
 nfp-tx-time-stamp-packets-before-hw-doorbell-is-rung.patch
 proc-do-not-access-cmdline-nor-environ-from-file-backed-areas.patch
+futex-futex_wake_op-fix-sign_extend32-sign-bits.patch