Commit a164009f authored by Jiri Slaby, committed by Greg Kroah-Hartman

futex: futex_wake_op, fix sign_extend32 sign bits

commit d70ef228 upstream.

sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
have to use "11" for 12th bit, not "12".

This mistake means we have not allowed negative op and cmp args since
commit 30d6e0a4 ("futex: Remove duplicated code and fix undefined
behaviour") till now.

Fixes: 30d6e0a4 ("futex: Remove duplicated code and fix undefined behaviour")
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Darren Hart <dvhart@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 6f1abf86
...@@ -1462,8 +1462,8 @@ static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr) ...@@ -1462,8 +1462,8 @@ static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr)
{ {
unsigned int op = (encoded_op & 0x70000000) >> 28; unsigned int op = (encoded_op & 0x70000000) >> 28;
unsigned int cmp = (encoded_op & 0x0f000000) >> 24; unsigned int cmp = (encoded_op & 0x0f000000) >> 24;
int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12); int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
int cmparg = sign_extend32(encoded_op & 0x00000fff, 12); int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
int oldval, ret; int oldval, ret;
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) { if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
......
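Review bot: The bare 11 passed to sign_extend32() for both oparg and cmparg is an undocumented magic number, and it is the same spot where 12 was written by mistake; nothing in the hunk records that the argument is the 0-based index of the sign bit of a 12-bit field. A one-line comment above the two assignments, or a named constant for the field width with the index written as width - 1, would make the convention visible to the next person who touches these lines. Since oparg can be negative again after this change, it is also worth confirming that the branch opened by "if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {" copes with a negative value; its body lies outside the visible hunk.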