From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, He Zhe <zhe.he@windriver.com>,
Arnd Bergmann <arnd@arndb.de>
Subject: [PATCH 6.1 60/96] hpet: Support 32-bit userspace
Date: Tue, 16 Jul 2024 17:32:11 +0200 [thread overview]
Message-ID: <20240716152748.814786413@linuxfoundation.org> (raw)
In-Reply-To: <20240716152746.516194097@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: He Zhe <zhe.he@windriver.com>
commit 4e60131d0d36af65ab9c9144f4f163fe97ae36e8 upstream.
hpet_compat_ioctl and read file operations failed to handle parameters from
32-bit userspace and thus samples/timers/hpet_example.c fails as below.
root@intel-x86-64:~# ./hpet_example-32.out poll /dev/hpet 1 2
-hpet: executing poll
hpet_poll: HPET_IRQFREQ failed
This patch fixes cmd and arg handling in hpet_compat_ioctl and adds compat
handling for 32-bit userspace in hpet_read.
hpet_example now shows that it works for both 64-bit and 32-bit.
root@intel-x86-64:~# ./hpet_example-32.out poll /dev/hpet 1 2
-hpet: executing poll
hpet_poll: info.hi_flags 0x0
hpet_poll: expired time = 0xf4298
hpet_poll: revents = 0x1
hpet_poll: data 0x1
hpet_poll: expired time = 0xf4235
hpet_poll: revents = 0x1
hpet_poll: data 0x1
root@intel-x86-64:~# ./hpet_example-64.out poll /dev/hpet 1 2
-hpet: executing poll
hpet_poll: info.hi_flags 0x0
hpet_poll: expired time = 0xf42a1
hpet_poll: revents = 0x1
hpet_poll: data 0x1
hpet_poll: expired time = 0xf4232
hpet_poll: revents = 0x1
hpet_poll: data 0x1
Cc: stable@vger.kernel.org
Signed-off-by: He Zhe <zhe.he@windriver.com>
Fixes: 54066a57c584 ("hpet: kill BKL, add compat_ioctl")
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20240606123908.738733-1-zhe.he@windriver.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/char/hpet.c | 34 +++++++++++++++++++++++++++++-----
1 file changed, 29 insertions(+), 5 deletions(-)
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -289,8 +289,13 @@ hpet_read(struct file *file, char __user
if (!devp->hd_ireqfreq)
return -EIO;
- if (count < sizeof(unsigned long))
- return -EINVAL;
+ if (in_compat_syscall()) {
+ if (count < sizeof(compat_ulong_t))
+ return -EINVAL;
+ } else {
+ if (count < sizeof(unsigned long))
+ return -EINVAL;
+ }
add_wait_queue(&devp->hd_waitqueue, &wait);
@@ -314,9 +319,16 @@ hpet_read(struct file *file, char __user
schedule();
}
- retval = put_user(data, (unsigned long __user *)buf);
- if (!retval)
- retval = sizeof(unsigned long);
+ if (in_compat_syscall()) {
+ retval = put_user(data, (compat_ulong_t __user *)buf);
+ if (!retval)
+ retval = sizeof(compat_ulong_t);
+ } else {
+ retval = put_user(data, (unsigned long __user *)buf);
+ if (!retval)
+ retval = sizeof(unsigned long);
+ }
+
out:
__set_current_state(TASK_RUNNING);
remove_wait_queue(&devp->hd_waitqueue, &wait);
@@ -671,12 +683,24 @@ struct compat_hpet_info {
unsigned short hi_timer;
};
+/* 32-bit types would lead to different command codes which should be
+ * translated into 64-bit ones before passed to hpet_ioctl_common
+ */
+#define COMPAT_HPET_INFO _IOR('h', 0x03, struct compat_hpet_info)
+#define COMPAT_HPET_IRQFREQ _IOW('h', 0x6, compat_ulong_t)
+
static long
hpet_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
struct hpet_info info;
int err;
+ if (cmd == COMPAT_HPET_INFO)
+ cmd = HPET_INFO;
+
+ if (cmd == COMPAT_HPET_IRQFREQ)
+ cmd = HPET_IRQFREQ;
+
mutex_lock(&hpet_mutex);
err = hpet_ioctl_common(file->private_data, cmd, arg, &info);
mutex_unlock(&hpet_mutex);
next prev parent reply other threads:[~2024-07-16 15:57 UTC|newest]
Thread overview: 104+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-16 15:31 [PATCH 6.1 00/96] 6.1.100-rc1 review Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 01/96] mm: prevent derefencing NULL ptr in pfn_section_valid() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 02/96] cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 03/96] cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 04/96] cachefiles: stop sending new request when dropping object Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 05/96] cachefiles: cancel all requests for the object that is being dropped Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 06/96] cachefiles: wait for ondemand_object_worker to finish when dropping object Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 07/96] cachefiles: cyclic allocation of msg_id to avoid reuse Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 08/96] cachefiles: add missing lock protection when polling Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 09/96] filelock: fix potential use-after-free in posix_lock_inode Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 10/96] fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 11/96] vfs: dont mod negative dentry count when on shrinker list Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 12/96] tcp: fix incorrect undo caused by DSACK of TLP retransmit Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 13/96] net: phy: microchip: lan87xx: reinit PHY after cable test Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 14/96] skmsg: Skip zero length skb in sk_msg_recvmsg Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 15/96] octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 16/96] net: fix rc7s __skb_datagram_iter() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 17/96] i40e: Fix XDP program unloading while removing the driver Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 18/96] net: ethernet: lantiq_etop: fix double free in detach Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 19/96] bpf: Refactor some inode/task/sk storage functions for reuse Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 20/96] bpf: Reduce smap->elem_size Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 21/96] bpf: use bpf_map_kvcalloc in bpf_local_storage Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 22/96] bpf: Remove __bpf_local_storage_map_alloc Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 23/96] bpf: fix order of args in call to bpf_map_kvcalloc Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 24/96] net: ethernet: mtk-star-emac: set mac_managed_pm when probing Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 25/96] ppp: reject claimed-as-LCP but actually malformed packets Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 26/96] ethtool: netlink: do not return SQI value if link is down Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 27/96] udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 28/96] net/sched: Fix UAF when resolving a clash Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 29/96] net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 30/96] s390: Mark psw in __load_psw_mask() as __unitialized Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 31/96] firmware: cs_dsp: Fix overflow checking of wmfw header Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 32/96] firmware: cs_dsp: Return error if block header overflows file Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 33/96] firmware: cs_dsp: Validate payload length before processing block Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 34/96] firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 35/96] firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 36/96] ARM: davinci: Convert comma to semicolon Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 37/96] octeontx2-af: replace cpt slot with lf id on reg write Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 38/96] octeontx2-af: update cpt lf alloc mailbox Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 39/96] octeontx2-af: fix a issue with cpt_lf_alloc mailbox Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 40/96] octeontx2-af: fix detection of IP layer Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 41/96] octeontx2-af: extend RSS supported offload types Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 42/96] octeontx2-af: fix issue with IPv6 ext match for RSS Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 43/96] octeontx2-af: fix issue with IPv4 " Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 44/96] cifs: fix setting SecurityFlags to true Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 45/96] Revert "sched/fair: Make sure to try to detach at least one movable task" Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 46/96] tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 47/96] tcp: avoid too many retransmit packets Greg Kroah-Hartman
2024-07-16 15:31 ` [PATCH 6.1 48/96] net: ks8851: Fix deadlock with the SPI chip variant Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 49/96] net: ks8851: Fix potential TX stall after interface reopen Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 50/96] USB: serial: option: add Telit generic core-dump composition Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 51/96] USB: serial: option: add Telit FN912 rmnet compositions Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 52/96] USB: serial: option: add Fibocom FM350-GL Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 53/96] USB: serial: option: add support for Foxconn T99W651 Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 54/96] USB: serial: option: add Netprisma LCUK54 series modules Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 55/96] USB: serial: option: add Rolling RW350-GL variants Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 56/96] USB: serial: mos7840: fix crash on resume Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 57/96] USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 58/96] usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 59/96] USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Greg Kroah-Hartman
2024-07-16 15:32 ` Greg Kroah-Hartman [this message]
2024-07-16 15:32 ` [PATCH 6.1 61/96] xhci: always resume roothubs if xHC was reset during resume Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 62/96] ksmbd: discard write access to the directory open Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 63/96] nvmem: rmem: Fix return value of rmem_read() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 64/96] nvmem: meson-efuse: Fix return value of nvmem callbacks Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 65/96] nvmem: core: only change name to fram for current attribute Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 66/96] platform/x86: toshiba_acpi: Fix array out-of-bounds access Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 67/96] ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 68/96] ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 69/96] ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 70/96] Fix userfaultfd_api to return EINVAL as expected Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 71/96] libceph: fix race between delayed_work() and ceph_monc_stop() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 72/96] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 73/96] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 74/96] wireguard: allowedips: avoid unaligned 64-bit memory accesses Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 75/96] wireguard: queueing: annotate intentional data race in cpu round robin Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 76/96] wireguard: send: annotate intentional data race in checking empty queue Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 77/96] misc: fastrpc: Fix DSP capabilities request Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 78/96] misc: fastrpc: Avoid updating PD type for capability request Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 79/96] misc: fastrpc: Copy the complete capability structure to user Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 80/96] x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 81/96] cifs: use origin fullpath for automounts Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 82/96] cifs: avoid dup prefix path in dfs_get_automount_devname() Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 83/96] bpf: Allow reads from uninit stack Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 84/96] nilfs2: fix kernel bug on rename operation of broken directory Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 85/96] sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 86/96] i2c: rcar: bring hardware to known state when probing Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 87/96] i2c: mark HostNotify target address as used Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 88/96] i2c: rcar: reset controller is mandatory for Gen3+ Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 89/96] i2c: rcar: introduce Gen4 devices Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 90/96] i2c: rcar: ensure Gen3+ reset does not disturb local targets Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 91/96] i2c: testunit: avoid re-issued work after read message Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 92/96] i2c: rcar: clear NO_RXDMA flag after resetting Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 93/96] x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 94/96] x86/bhi: Avoid warning in #DB handler due to BHI mitigation Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 95/96] kbuild: Make ld-version.sh more robust against version string changes Greg Kroah-Hartman
2024-07-16 15:32 ` [PATCH 6.1 96/96] i2c: rcar: fix error code in probe() Greg Kroah-Hartman
2024-07-16 18:38 ` [PATCH 6.1 00/96] 6.1.100-rc1 review SeongJae Park
2024-07-16 18:42 ` Florian Fainelli
2024-07-16 19:01 ` Pavel Machek
2024-07-16 20:29 ` Naresh Kamboju
2024-07-17 6:24 ` Greg Kroah-Hartman
2024-07-17 15:51 ` Shuah Khan
2024-07-17 16:57 ` Allen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240716152748.814786413@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=arnd@arndb.de \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=zhe.he@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox