Skip to content

Commit

Permalink
futex: Sanitize futex ops argument types
Browse files Browse the repository at this point in the history 
Change futex_atomic_op_inuser and futex_atomic_cmpxchg_inatomic
prototypes to use u32 types for the futex as this is the data type the
futex core code uses all over the place.

Signed-off-by: Michel Lespinasse <walken@google.com>
Cc: Darren Hart <darren@dvhart.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: David Howells <dhowells@redhat.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
LKML-Reference: <20110311025058.GD26122@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
  • Loading branch information
@walken-google
walken-google authored and Thomas Gleixner committed Mar 11, 2011
1 parent 37a9d91 commit 8d7718a
Show file tree
Hide file tree
Showing 20 changed files with 116 additions and 110 deletions.
13 changes: 7 additions & 6 deletions arch/alpha/include/asm/futex.h
View file
Expand Up @@ -29,7 +29,7 @@
: "r" (uaddr), "r"(oparg) \
: "memory")

static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -39,7 +39,7 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -81,12 +81,13 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int ret = 0, prev, cmp;
int ret = 0, cmp;
u32 prev;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

__asm__ __volatile__ (
Expand Down
13 changes: 7 additions & 6 deletions arch/arm/include/asm/futex.h
View file
Expand Up @@ -35,7 +35,7 @@
: "cc", "memory")

static inline int
futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -46,7 +46,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable(); /* implies preempt_disable() */
Expand Down Expand Up @@ -88,12 +88,13 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int ret = 0, val;
int ret = 0;
u32 val;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

/* Note that preemption is disabled by futex_atomic_cmpxchg_inatomic
Expand Down
6 changes: 3 additions & 3 deletions arch/frv/include/asm/futex.h
View file
Expand Up @@ -7,11 +7,11 @@
#include <asm/errno.h>
#include <asm/uaccess.h>

extern int futex_atomic_op_inuser(int encoded_op, int __user *uaddr);
extern int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr);

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
return -ENOSYS;
}
Expand Down
14 changes: 7 additions & 7 deletions arch/frv/kernel/futex.c
View file
Expand Up @@ -18,7 +18,7 @@
* the various futex operations; MMU fault checking is ignored under no-MMU
* conditions
*/
static inline int atomic_futex_op_xchg_set(int oparg, int __user *uaddr, int *_oldval)
static inline int atomic_futex_op_xchg_set(int oparg, u32 __user *uaddr, int *_oldval)
{
int oldval, ret;

Expand Down Expand Up @@ -50,7 +50,7 @@ static inline int atomic_futex_op_xchg_set(int oparg, int __user *uaddr, int *_o
return ret;
}

static inline int atomic_futex_op_xchg_add(int oparg, int __user *uaddr, int *_oldval)
static inline int atomic_futex_op_xchg_add(int oparg, u32 __user *uaddr, int *_oldval)
{
int oldval, ret;

Expand Down Expand Up @@ -83,7 +83,7 @@ static inline int atomic_futex_op_xchg_add(int oparg, int __user *uaddr, int *_o
return ret;
}

static inline int atomic_futex_op_xchg_or(int oparg, int __user *uaddr, int *_oldval)
static inline int atomic_futex_op_xchg_or(int oparg, u32 __user *uaddr, int *_oldval)
{
int oldval, ret;

Expand Down Expand Up @@ -116,7 +116,7 @@ static inline int atomic_futex_op_xchg_or(int oparg, int __user *uaddr, int *_ol
return ret;
}

static inline int atomic_futex_op_xchg_and(int oparg, int __user *uaddr, int *_oldval)
static inline int atomic_futex_op_xchg_and(int oparg, u32 __user *uaddr, int *_oldval)
{
int oldval, ret;

Expand Down Expand Up @@ -149,7 +149,7 @@ static inline int atomic_futex_op_xchg_and(int oparg, int __user *uaddr, int *_o
return ret;
}

static inline int atomic_futex_op_xchg_xor(int oparg, int __user *uaddr, int *_oldval)
static inline int atomic_futex_op_xchg_xor(int oparg, u32 __user *uaddr, int *_oldval)
{
int oldval, ret;

Expand Down Expand Up @@ -186,7 +186,7 @@ static inline int atomic_futex_op_xchg_xor(int oparg, int __user *uaddr, int *_o
/*
* do the futex operations
*/
int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -197,7 +197,7 @@ int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down
10 changes: 5 additions & 5 deletions arch/ia64/include/asm/futex.h
View file
Expand Up @@ -46,7 +46,7 @@ do { \
} while (0)

static inline int
futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -56,7 +56,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -100,10 +100,10 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

{
Expand Down
13 changes: 7 additions & 6 deletions arch/microblaze/include/asm/futex.h
View file
Expand Up @@ -29,7 +29,7 @@
})

static inline int
futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -39,7 +39,7 @@ futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -94,12 +94,13 @@ futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int ret = 0, prev, cmp;
int ret = 0, cmp;
u32 prev;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

__asm__ __volatile__ ("1: lwx %1, %3, r0; \
Expand Down
13 changes: 7 additions & 6 deletions arch/mips/include/asm/futex.h
View file
Expand Up @@ -75,7 +75,7 @@
}

static inline int
futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -85,7 +85,7 @@ futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -132,12 +132,13 @@ futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int ret = 0, val;
int ret = 0;
u32 val;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

if (cpu_has_llsc && R10000_LLSC_WAR) {
Expand Down
12 changes: 6 additions & 6 deletions arch/parisc/include/asm/futex.h
View file
Expand Up @@ -8,7 +8,7 @@
#include <asm/errno.h>

static inline int
futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -18,7 +18,7 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -51,18 +51,18 @@ futex_atomic_op_inuser (int encoded_op, int __user *uaddr)

/* Non-atomic version */
static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int val;
u32 val;

/* futex.c wants to do a cmpxchg_inatomic on kernel NULL, which is
* our gateway page, and causes no end of trouble...
*/
if (segment_eq(KERNEL_DS, get_fs()) && !uaddr)
return -EFAULT;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

if (get_user(val, uaddr))
Expand Down
13 changes: 7 additions & 6 deletions arch/powerpc/include/asm/futex.h
View file
Expand Up @@ -30,7 +30,7 @@
: "b" (uaddr), "i" (-EFAULT), "r" (oparg) \
: "cr0", "memory")

static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -40,7 +40,7 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand Down Expand Up @@ -82,12 +82,13 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
}

static inline int
futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
int ret = 0, prev;
int ret = 0;
u32 prev;

if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

__asm__ __volatile__ (
Expand Down
10 changes: 5 additions & 5 deletions arch/s390/include/asm/futex.h
View file
Expand Up @@ -7,7 +7,7 @@
#include <linux/uaccess.h>
#include <asm/errno.h>

static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
static inline int futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
{
int op = (encoded_op >> 28) & 7;
int cmp = (encoded_op >> 24) & 15;
Expand All @@ -18,7 +18,7 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28))
oparg = 1 << oparg;

if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

pagefault_disable();
Expand All @@ -39,10 +39,10 @@ static inline int futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
return ret;
}

static inline int futex_atomic_cmpxchg_inatomic(int *uval, int __user *uaddr,
int oldval, int newval)
static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
u32 oldval, u32 newval)
{
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(int)))
if (! access_ok (VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;

return uaccess.futex_atomic_cmpxchg(uval, uaddr, oldval, newval);
Expand Down
4 changes: 2 additions & 2 deletions arch/s390/include/asm/uaccess.h
View file
Expand Up @@ -83,8 +83,8 @@ struct uaccess_ops {
size_t (*clear_user)(size_t, void __user *);
size_t (*strnlen_user)(size_t, const char __user *);
size_t (*strncpy_from_user)(size_t, const char __user *, char *);
int (*futex_atomic_op)(int op, int __user *, int oparg, int *old);
int (*futex_atomic_cmpxchg)(int *, int __user *, int old, int new);
int (*futex_atomic_op)(int op, u32 __user *, int oparg, int *old);
int (*futex_atomic_cmpxchg)(u32 *, u32 __user *, u32 old, u32 new);
};

extern struct uaccess_ops uaccess;
Expand Down
8 changes: 4 additions & 4 deletions arch/s390/lib/uaccess.h
View file
Expand Up @@ -12,12 +12,12 @@ extern size_t copy_from_user_std(size_t, const void __user *, void *);
extern size_t copy_to_user_std(size_t, void __user *, const void *);
extern size_t strnlen_user_std(size_t, const char __user *);
extern size_t strncpy_from_user_std(size_t, const char __user *, char *);
extern int futex_atomic_cmpxchg_std(int *, int __user *, int, int);
extern int futex_atomic_op_std(int, int __user *, int, int *);
extern int futex_atomic_cmpxchg_std(u32 *, u32 __user *, u32, u32);
extern int futex_atomic_op_std(int, u32 __user *, int, int *);

extern size_t copy_from_user_pt(size_t, const void __user *, void *);
extern size_t copy_to_user_pt(size_t, void __user *, const void *);
extern int futex_atomic_op_pt(int, int __user *, int, int *);
extern int futex_atomic_cmpxchg_pt(int *, int __user *, int, int);
extern int futex_atomic_op_pt(int, u32 __user *, int, int *);
extern int futex_atomic_cmpxchg_pt(u32 *, u32 __user *, u32, u32);

#endif /* __ARCH_S390_LIB_UACCESS_H */

0 comments on commit 8d7718a

Please sign in to comment.