From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, stable@kernel.org, Will Deacon, Sasha Levin
Subject: [PATCH 5.1 112/405] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
Date: Wed, 29 May 2019 20:01:50 -0700
Message-Id: <20190530030546.667811321@linuxfoundation.org>
In-Reply-To: <20190530030540.291644921@linuxfoundation.org>
References: <20190530030540.291644921@linuxfoundation.org>

[ Upstream commit 84ff7a09c371bc7417eabfda19bf7f113ec917b6 ]

Rather embarrassingly, our futex() FUTEX_WAKE_OP implementation doesn't
explicitly set the return value on the non-faulting path and instead
leaves it holding the result of the underlying atomic operation. This
means that any FUTEX_WAKE_OP atomic operation which computes a non-zero
value will be reported as having failed. Regrettably, I wrote the buggy
code back in 2011 and it was upstreamed as part of the initial arm64
support in 2012.

The reasons we appear to get away with this are:

  1. FUTEX_WAKE_OP is rarely used and therefore doesn't appear to get
     exercised by futex() test applications

  2. If the result of the atomic operation is zero, the system call
     behaves correctly

  3. Prior to version 2.25, the only operation used by GLIBC set the
     futex to zero, and therefore worked as expected. From 2.25 onwards,
     FUTEX_WAKE_OP is not used by GLIBC at all.

Fix the implementation by ensuring that the return value is either 0
to indicate that the atomic operation completed successfully, or -EFAULT
if we encountered a fault when accessing the user mapping.

Cc:
Fixes: 6170a97460db ("arm64: Atomic operations")
Signed-off-by: Will Deacon
Signed-off-by: Sasha Levin --- arch/arm64/include/asm/futex.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h index 6fb2214333a24..2d78ea6932b7b 100644 --- a/arch/arm64/include/asm/futex.h +++ b/arch/arm64/include/asm/futex.h @@ -58,7 +58,7 @@ do { \ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *_uaddr) { - int oldval = 0, ret, tmp; + int oldval, ret, tmp; u32 __user *uaddr = __uaccess_mask_ptr(_uaddr); pagefault_disable(); -- 2.20.1
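
Review bot: the changelog describes forcing the return value to 0 or -EFAULT, but the one changed line in arch_futex_atomic_op_inuser() only drops the `= 0` initializer from `oldval` and leaves `ret` alone, so this hunk on its own cannot be the described fix. Please confirm that the change to the return-value path is already in the 5.1 tree or is carried elsewhere in this series, and say in the changelog why the initializer is being removed. With the initializer gone, `oldval` is an uninitialised stack variable until the atomic op writes it, so any store of it to `*oval` has to stay conditional on `ret` being 0; otherwise a faulting access would pass an uninitialised value to the caller. Neither the op macro nor the `*oval` store is visible in the context lines here, so that needs checking against the full file before this is queued.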