From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 26 Jan 2021 10:30:59 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v4.19.171~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9cda5b65018b375b315784b2d7b42ec4e4503b0f;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
---

diff --git a/queue-4.14/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch b/queue-4.14/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
new file mode 100644
index 00000000000..17517132214
--- /dev/null
+++ b/queue-4.14/futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
@@ -0,0 +1,41 @@
+From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby <jirislaby@kernel.org>
+Date: Thu, 30 Nov 2017 15:35:44 +0100
+Subject: futex: futex_wake_op, fix sign_extend32 sign bits
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream.
+
+sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
+have to use "11" for 12th bit, not "12".
+
+This mistake means we have not allowed negative op and cmp args since
+commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined
+behaviour") till now.
+
+Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour")
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Darren Hart <dvhart@infradead.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/futex.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1725,8 +1725,8 @@ static int futex_atomic_op_inuser(unsign
+ {
+ 	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
+ 	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
+-	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
+-	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
++	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
++	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
+ 	int oldval, ret;
+ 
+ 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
diff --git a/queue-4.14/series b/queue-4.14/series
index 964ea873735..9e4bb0c32e5 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -33,3 +33,4 @@ udp-mask-tos-bits-in-udp_v4_early_demux.patch
 ipv6-create-multicast-route-with-rtprot_kernel.patch
 net_sched-avoid-shift-out-of-bounds-in-tcindex_set_parms.patch
 net-dsa-b53-fix-an-off-by-one-in-checking-vlan-vid.patch
+futex-futex_wake_op-fix-sign_extend32-sign-bits.patch