Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8d7718aa authored by Michel Lespinasse's avatar Michel Lespinasse Committed by Thomas Gleixner
Browse files

futex: Sanitize futex ops argument types 



Change futex_atomic_op_inuser and futex_atomic_cmpxchg_inatomic
prototypes to use u32 types for the futex as this is the data type the
futex core code uses all over the place.

Signed-off-by: default avatarMichel Lespinasse <walken@google.com>
Cc: Darren Hart <darren@dvhart.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
LKML-Reference: <20110311025058.GD26122@google.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
parent 37a9d912

arch/alpha/include/asm/futex.h

+7 −6
Original line number Diff line number Diff line
@@ -29,7 +29,7 @@ 
	:	"r" (uaddr), "r"(oparg)				\

	:	"memory")



static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)

static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)

{

	int op = (encoded_op >> 28) & 7;

	int cmp = (encoded_op >> 24) & 15;
@@ -39,7 +39,7 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))

		oparg = 1 << oparg;



	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	pagefault_disable();
@@ -81,12 +81,13 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
}



static inline int

futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,

			      int oldval, int newval)

futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,

			      u32 oldval, u32 newval)

{

	int ret = 0, prev, cmp;

	int ret = 0, cmp;

	u32 prev;



	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	__asm__ __volatile__ (

arch/arm/include/asm/futex.h

+7 −6
Original line number Diff line number Diff line
@@ -35,7 +35,7 @@ 
	: "cc", "memory")



static inline int

futex_atomic_op_inuser (int encoded_op, int __user *uaddr)

futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)

{

	int op = (encoded_op >> 28) & 7;

	int cmp = (encoded_op >> 24) & 15;
@@ -46,7 +46,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))

		oparg = 1 << oparg;



	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	pagefault_disable();	/* implies preempt_disable() */
@@ -88,12 +88,13 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
}



static inline int

futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,

			      int oldval, int newval)

futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,

			      u32 oldval, u32 newval)

{

	int ret = 0, val;

	int ret = 0;

	u32 val;



	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	/* Note that preemption is disabled by futex_atomic_cmpxchg_inatomic

arch/frv/include/asm/futex.h

+3 −3
Original line number Diff line number Diff line
@@ -7,11 +7,11 @@ 
#include <asm/errno.h>

#include <asm/uaccess.h>



extern int futex_atomic_op_inuser(int encoded_op, int __user *uaddr);

extern int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr);



static inline int

futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,

			      int oldval, int newval)

futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,

			      u32 oldval, u32 newval)

{

	return -ENOSYS;

}

arch/frv/kernel/futex.c

+7 −7
Original line number Diff line number Diff line
@@ -18,7 +18,7 @@ 
 * the various futex operations; MMU fault checking is ignored under no-MMU

 * conditions

 */

static inline int atomic_futex_op_xchg_set(int oparg, int __user *uaddr, int *_oldval)

static inline int atomic_futex_op_xchg_set(int oparg, u32 __user *uaddr, int *_oldval)

{

	int oldval, ret;
@@ -50,7 +50,7 @@ static inline int atomic_futex_op_xchg_set(int oparg, int __user *uaddr, int *_o 
	return ret;

}



static inline int atomic_futex_op_xchg_add(int oparg, int __user *uaddr, int *_oldval)

static inline int atomic_futex_op_xchg_add(int oparg, u32 __user *uaddr, int *_oldval)

{

	int oldval, ret;
@@ -83,7 +83,7 @@ static inline int atomic_futex_op_xchg_add(int oparg, int __user *uaddr, int *_o 
	return ret;

}



static inline int atomic_futex_op_xchg_or(int oparg, int __user *uaddr, int *_oldval)

static inline int atomic_futex_op_xchg_or(int oparg, u32 __user *uaddr, int *_oldval)

{

	int oldval, ret;
@@ -116,7 +116,7 @@ static inline int atomic_futex_op_xchg_or(int oparg, int __user *uaddr, int *_ol 
	return ret;

}



static inline int atomic_futex_op_xchg_and(int oparg, int __user *uaddr, int *_oldval)

static inline int atomic_futex_op_xchg_and(int oparg, u32 __user *uaddr, int *_oldval)

{

	int oldval, ret;
@@ -149,7 +149,7 @@ static inline int atomic_futex_op_xchg_and(int oparg, int __user *uaddr, int *_o 
	return ret;

}



static inline int atomic_futex_op_xchg_xor(int oparg, int __user *uaddr, int *_oldval)

static inline int atomic_futex_op_xchg_xor(int oparg, u32 __user *uaddr, int *_oldval)

{

	int oldval, ret;
@@ -186,7 +186,7 @@ static inline int atomic_futex_op_xchg_xor(int oparg, int __user *uaddr, int *_o 
/*

 * do the futex operations

 */

int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)

int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)

{

	int op = (encoded_op >> 28) & 7;

	int cmp = (encoded_op >> 24) & 15;
@@ -197,7 +197,7 @@ int futex_atomic_op_inuser(int encoded_op, int __user *uaddr) 
	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))

		oparg = 1 << oparg;



	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	pagefault_disable();

arch/ia64/include/asm/futex.h

+5 −5
Original line number Diff line number Diff line
@@ -46,7 +46,7 @@ do { \ 
} while (0)



static inline int

futex_atomic_op_inuser (int encoded_op, int __user *uaddr)

futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)

{

	int op = (encoded_op >> 28) & 7;

	int cmp = (encoded_op >> 24) & 15;
@@ -56,7 +56,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))

		oparg = 1 << oparg;



	if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))

	if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	pagefault_disable();
@@ -100,10 +100,10 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr) 
}



static inline int

futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,

			      int oldval, int newval)

futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,

			      u32 oldval, u32 newval)

{

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))

	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))

		return -EFAULT;



	{