MIPS: Compat: Use 32-bit wrapper for compat_sys_futex.

We can't trust userspace to pass signed-extend arguments. Not correctly sign-extended arguments to futex-wait result in architecturally undefined operation of 32-bit arithmetic instructions. For example, if 'val' is too big and bit-31 is 1, the caller may enter endless loop at: futex_wait_setup() { ... if (uval != val) { queue_unlock(q, *hb); ret = -EWOULDBLOCK; ... } Signed-off-by: Yong Zhang <yong.zhang@windriver.com> To: linux-mips@linux-mips.org To: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/2714/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2011-08-16 09:54:54 +08:00 · 2011-08-16 09:54:54 +08:00 · 1eec6cd08b
commit 1eec6cd08b
parent b8ecf341f1
3 changed files with 9 additions and 2 deletions
--- a/arch/mips/kernel/linux32.c
+++ b/arch/mips/kernel/linux32.c
@ -349,3 +349,10 @@ SYSCALL_DEFINE6(32_fanotify_mark, int, fanotify_fd, unsigned int, flags,
 	return sys_fanotify_mark(fanotify_fd, flags, merge_64(a3, a4),
 				 dfd, pathname);
 }
+
+SYSCALL_DEFINE6(32_futex, u32 __user *, uaddr, int, op, u32, val,
+		struct compat_timespec __user *, utime, u32 __user *, uaddr2,
+		u32, val3)
+{
+	return compat_sys_futex(uaddr, op, val, utime, uaddr2, val3);
+}
--- a/arch/mips/kernel/scall64-n32.S
+++ b/arch/mips/kernel/scall64-n32.S
@ -315,7 +315,7 @@ EXPORT(sysn32_call_table)
 	PTR	sys_fremovexattr
 	PTR	sys_tkill
 	PTR	sys_ni_syscall
-	PTR	compat_sys_futex
+	PTR	sys_32_futex
 	PTR	compat_sys_sched_setaffinity	/* 6195 */
 	PTR	compat_sys_sched_getaffinity
 	PTR	sys_cacheflush
--- a/arch/mips/kernel/scall64-o32.S
+++ b/arch/mips/kernel/scall64-o32.S
@ -441,7 +441,7 @@ sys_call_table:
 	PTR	sys_fremovexattr		/* 4235 */
 	PTR	sys_tkill
 	PTR	sys_sendfile64
-	PTR	compat_sys_futex
+	PTR	sys_32_futex
 	PTR	compat_sys_sched_setaffinity
 	PTR	compat_sys_sched_getaffinity	/* 4240 */
 	PTR	compat_sys_io_setup