From: "Dmitry V. Levin" <ldv@altlinux.org>
To: "David S. Miller" <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RESEND PATCH] sparc64: fix incorrect sign extension in sys_sparc64_personality
Date: Mon, 11 Jan 2016 17:30:20 +0300
Message-ID: <20160111143019.GA29007@altlinux.org>
In-Reply-To: <20151226231327.GA18682@altlinux.org>

Date: Sat Dec 26 22:35:13 2015 +0000

The value returned by sys_personality has type "long int".
It is saved to a variable of type "int", which is not a problem
yet because the type of task_struct->personality is "unsigned int".
The problem is the sign extension from "int" to "long int"
that happens on return from sys_sparc64_personality.

For example, a userspace call personality((unsigned) -EINVAL) will
result in any subsequent personality call, including an absolutely
harmless read-only personality(0xffffffff) call, failing with
errno set to EINVAL.

Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: <stable@vger.kernel.org>
---
 arch/sparc/kernel/sys_sparc_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
index 30e7ddb..c690c8e 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -413,15 +413,15 @@ out:
 
 SYSCALL_DEFINE1(sparc64_personality, unsigned long, personality)
 {
-	int ret;
+	long ret;
 
 	if (personality(current->personality) == PER_LINUX32 &&
 	    personality(personality) == PER_LINUX)
 		personality |= PER_LINUX32;
 	ret = sys_personality(personality);
 	if (personality(ret) == PER_LINUX32)
 		ret &= ~PER_LINUX32;
 
 	return ret;
 }
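
Review bot: The declaration "long ret;" has no comment saying why the width matters, so a later cleanup could narrow it back to "int" and bring the sign extension back on "return ret;". A one-line comment above the declaration, stating that the result of sys_personality() is returned to userspace as a long and must not pass through a 32-bit signed type, would guard against that. It is also worth confirming in the changelog that "ret &= ~PER_LINUX32;" still clears only that one bit now that ret is a long.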

-- 
ldv
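
Added example, not part of the original message or the kernel source: a userspace C model of the narrowing and sign extension the commit message describes, with the wrapper body built once for "int ret" and once for "long ret". The names task_personality, model_sys_personality, DEFINE_WRAPPER, looks_like_error and query_after_store are constructed for illustration, and the [-4095, -1] error range is a simplifying assumption about how the return value is interpreted.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model; assumes LP64 (32-bit int, 64-bit long) as on sparc64. */
enum { PER_LINUX = 0x0000, PER_LINUX32 = 0x0008, PER_MASK = 0x00ff };
#define personality(p) ((p) & PER_MASK)
static unsigned int task_personality;	/* stands in for task_struct->personality */

/* Stand-in for sys_personality: returns the old value; 0xffffffff only queries. */
static long model_sys_personality(unsigned int p)
{
	unsigned int old = task_personality;
	if (p != 0xffffffffu)
		task_personality = p;
	return old;
}

/* The wrapper body shown in the patch, parameterised only by the type of ret. */
#define DEFINE_WRAPPER(name, ret_type) \
static long name(unsigned long p) \
{ \
	ret_type ret; \
	if (personality(task_personality) == PER_LINUX32 && personality(p) == PER_LINUX) \
		p |= PER_LINUX32; \
	ret = (ret_type)model_sys_personality((unsigned int)p); \
	if (personality(ret) == PER_LINUX32) \
		ret &= ~PER_LINUX32; \
	return ret; \
}
DEFINE_WRAPPER(wrapper_int_ret, int)	/* before: narrowed, then sign-extended */
DEFINE_WRAPPER(wrapper_long_ret, long)	/* after: 32-bit value returned unchanged */

/* Simplified error convention (assumption): [-4095, -1] is reported as -errno. */
static int looks_like_error(long ret) { return ret < 0 && ret >= -4095; }

/* Store (unsigned) -EINVAL, then issue the read-only 0xffffffff query. */
static long query_after_store(long (*wrapper)(unsigned long))
{
	task_personality = PER_LINUX;
	wrapper((unsigned int)-EINVAL);
	return wrapper(0xffffffffUL);
}

int main(void)
{
	printf("int ret:  %ld\n", query_after_store(wrapper_int_ret));
	printf("long ret: %ld\n", query_after_store(wrapper_long_ret));
	return 0;
}
```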
