| From d70ef22892ed6c066e51e118b225923c9b74af34 Mon Sep 17 00:00:00 2001 |
| From: Jiri Slaby <jirislaby@kernel.org> |
| Date: Thu, 30 Nov 2017 15:35:44 +0100 |
| Subject: futex: futex_wake_op, fix sign_extend32 sign bits |
| |
| From: Jiri Slaby <jslaby@suse.cz> |
| |
| commit d70ef22892ed6c066e51e118b225923c9b74af34 upstream. |
| |
| sign_extend32 counts the sign bit parameter from 0, not from 1. So we |
| have to use "11" for 12th bit, not "12". |
| |
| This mistake means we have not allowed negative op and cmp args since |
| commit 30d6e0a4190d ("futex: Remove duplicated code and fix undefined |
| behaviour") till now. |
| |
| Fixes: 30d6e0a4190d ("futex: Remove duplicated code and fix undefined behaviour") |
| Signed-off-by: Jiri Slaby <jslaby@suse.cz> |
| Cc: Ingo Molnar <mingo@redhat.com> |
| Cc: Peter Zijlstra <peterz@infradead.org> |
| Cc: Darren Hart <dvhart@infradead.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- a/kernel/futex.c |
| +++ b/kernel/futex.c |
| @@ -1725,8 +1725,8 @@ static int futex_atomic_op_inuser(unsign |
| { |
| unsigned int op = (encoded_op & 0x70000000) >> 28; |
| unsigned int cmp = (encoded_op & 0x0f000000) >> 24; |
| - int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12); |
| - int cmparg = sign_extend32(encoded_op & 0x00000fff, 12); |
| + int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11); |
| + int cmparg = sign_extend32(encoded_op & 0x00000fff, 11); |
| int oldval, ret; |
| |
| if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { |
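Review bot: the bare `11` in the two `sign_extend32()` calls that set `oparg` and `cmparg` is the zero-based index of the sign bit of a 12-bit field, and nothing on those lines says so, which is the same ambiguity that led to the `12` being written in the first place. A short comment above the two assignments, or a named constant for the sign-bit index next to the `0x00fff000` and `0x00000fff` masks, would keep the field width and the index from drifting apart again. Since negative `oparg` values now reach the `FUTEX_OP_OPARG_SHIFT` branch that starts on the last context line, whose body is not visible in this hunk, it is worth confirming that the branch rejects or bounds a negative shift count. A regression test that passes a negative op or cmp argument would also have caught the original mistake.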