From patchwork Sat Dec 26 23:13:27 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Dmitry V. Levin" <ldv@altlinux.org>
X-Patchwork-Id: 561124
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <sparclinux-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 9A38F140C9B
	for <patchwork-incoming@ozlabs.org>;
	Sun, 27 Dec 2015 10:13:31 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752108AbbLZXNa (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sat, 26 Dec 2015 18:13:30 -0500
Received: from pegasus3.altlinux.org ([194.107.17.103]:50173 "EHLO
	pegasus3.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751572AbbLZXNa (ORCPT
	<rfc822; sparclinux@vger.kernel.org>); Sat, 26 Dec 2015 18:13:30 -0500
Received: from mua.local.altlinux.org (mua.local.altlinux.org [192.168.1.14])
	by pegasus3.altlinux.org (Postfix) with ESMTP id DF16580A90;
	Sun, 27 Dec 2015 02:13:27 +0300 (MSK)
Received: by mua.local.altlinux.org (Postfix, from userid 508)
	id D2C51AC40BE; Sun, 27 Dec 2015 02:13:27 +0300 (MSK)
Date: Sun, 27 Dec 2015 02:13:27 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: "David S. Miller" <davem@davemloft.net>
Cc: Rob Gardner <rob.gardner@oracle.com>, sparclinux@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] sparc64: fix incorrect sign extension in
	sys_sparc64_personality
Message-ID: <20151226231327.GA18682@altlinux.org>
Mime-Version: 1.0
Content-Disposition: inline
Sender: sparclinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <sparclinux.vger.kernel.org>
X-Mailing-List: sparclinux@vger.kernel.org

The value returned by sys_personality has type "long int".
It is saved to a variable of type "int", which is not a problem
yet because the type of task_struct->pesonality is "unsigned int".
The problem is the sign extension from "int" to "long int"
that happens on return from sys_sparc64_personality.

For example, a userspace call personality((unsigned) -EINVAL) will
result to any subsequent personality call, including absolutely
harmless read-only personality(0xffffffff) call, failing with
errno set to EINVAL.

Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Cc: <stable@vger.kernel.org>
---
 arch/sparc/kernel/sys_sparc_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
index 30e7ddb..c690c8e 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -413,15 +413,15 @@ out:
 
 SYSCALL_DEFINE1(sparc64_personality, unsigned long, personality)
 {
-	int ret;
+	long ret;
 
 	if (personality(current->personality) == PER_LINUX32 &&
 	    personality(personality) == PER_LINUX)
 		personality |= PER_LINUX32;
 	ret = sys_personality(personality);
 	if (personality(ret) == PER_LINUX32)
 		ret &= ~PER_LINUX32;
 
 	return ret;
 }