[meta-freescale] [meta-fsl-ppc krogoth][PATCH 1/1] ipc: fix compat msgrcv with negative msgtyp

Paul Vaduva Paul.Vaduva at enea.com
Wed Apr 27 06:27:21 PDT 2016


BugLink: http://bugs.launchpad.net/bugs/1393355

Compat function takes msgtyp argument as u32 and passes it down to
do_msgrcv which results in casting to long, thus the sign is lost and we
get a big positive number instead.

Cast the argument to signed type before passing it down.

Signed-off-by: Paul Vaduva <Paul.Vaduva at enea.com>
---
 ...pc-fix-compat-msgrcv-with-negative-msgtyp.patch | 27 ++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq_3.12.bb           |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch

diff --git a/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch b/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch
new file mode 100644
index 0000000..b90a114
--- /dev/null
+++ b/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch
@@ -0,0 +1,27 @@
+BugLink: http://bugs.launchpad.net/bugs/1393355
+
+Compat function takes msgtyp argument as u32 and passes it down to
+do_msgrcv which results in casting to long, thus the sign is lost and we
+get a big positive number instead.
+
+Cast the argument to signed type before passing it down.
+
+Signed-off-by: Mateusz Guzik <mguzik at redhat.com>
+Reported-by: Gabriellla Schmidt <gsc at bruker.de>
+
+Upstream-Status::Backport
+Kernel 3.14
+
+diff --git a/ipc/compat.c b/ipc/compat.c
+index 892f658..d3b3760 100644
+--- a/ipc/compat.c
++++ b/ipc/compat.c
+@@ -381,7 +381,7 @@ COMPAT_SYSCALL_DEFINE6(ipc, u32, call, int, first, int, second,
+ 			uptr = compat_ptr(ipck.msgp);
+ 			fifth = ipck.msgtyp;
+ 		}
+-		return do_msgrcv(first, uptr, second, fifth, third,
++		return do_msgrcv(first, uptr, second, (s32)fifth, third,
+ 				 compat_do_msg_fill);
+ 	}
+ 	case MSGGET:
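Review bot: the `Upstream-Status::Backport` line in the embedded patch header has a doubled colon and puts the version on a separate `Kernel 3.14` line, so tooling that looks for the usual `Upstream-Status: Backport` tag will not match it. Suggest a single line of the form `Upstream-Status: Backport [kernel 3.14]`, plus the upstream commit id so the backport can be compared against its origin. The header also has no From:/Subject lines, which leaves the original authorship resting on the Signed-off-by alone, and the Reported-by name is spelled "Gabriellla" with three l's, which is worth checking against the upstream commit. On the code itself, the `(s32)fifth` cast sits after the closing brace of the version branch, so it covers both ways `fifth` is assigned in the visible context.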
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 110d7ce..889c564 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -4,5 +4,6 @@ SRC_URI = "git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x \
     file://modify-defconfig-t1040-nr-cpus.patch \
     file://net-sctp-CVE-2014-0101.patch \
     file://0001-powerpc-Align-TOC-to-256-bytes.patch \
+    file://Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch \
 "
 SRCREV = "43cecda943a6c40a833b588801b0929e8bd48813"
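Review bot: the new SRC_URI entry `file://Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch` carries a `Trusty-SRU-` prefix that says nothing about this layer and does not match the naming of the neighbouring entries (for example `net-sctp-CVE-2014-0101.patch`). Suggest renaming the file to `ipc-fix-compat-msgrcv-with-negative-msgtyp.patch` and recording where the patch was taken from inside the patch header instead of in the file name.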
-- 
1.9.1
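
The sign loss described in the commit message, shown as an added example that is not part of the original patch or the kernel source. The names `klong`, `widen_unfixed`, `widen_fixed`, `pick_message` and `sample_queue` are hypothetical, and the type selection is a simplified model of the msgrcv(2) rules for `msgtyp`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative names only. klong models the 64-bit kernel `long`. */
typedef int64_t klong;

/* Before the fix: the u32 value is widened directly, so it is zero-extended. */
static klong widen_unfixed(uint32_t fifth) { return (klong)fifth; }

/* After the fix: reinterpret as s32 first, so the widening sign-extends. */
static klong widen_fixed(uint32_t fifth) { return (klong)(int32_t)fifth; }

/*
 * Simplified msgrcv(2) type selection over a queue of message types:
 * msgtyp == 0 takes the first message, msgtyp > 0 the first of that type,
 * msgtyp < 0 the message with the lowest type <= |msgtyp|.
 * Returns the index of the chosen message, or -1 when nothing matches.
 */
static int pick_message(const klong *types, size_t n, klong msgtyp)
{
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (msgtyp == 0)
            return (int)i;
        if (msgtyp > 0) {
            if (types[i] == msgtyp)
                return (int)i;
        } else if (types[i] <= -msgtyp &&
                   (best < 0 || types[i] < types[best])) {
            best = (int)i;
        }
    }
    return best;
}

/* Constructed sample queue: message types in arrival order. */
static const klong sample_queue[] = { 5, 3, 2, 7 };

int main(void)
{
    uint32_t fifth = (uint32_t)-3;   /* 32-bit caller passed msgtyp = -3 */
    size_t n = sizeof(sample_queue) / sizeof(sample_queue[0]);
    printf("unfixed: msgtyp=%lld index=%d\n", (long long)widen_unfixed(fifth),
           pick_message(sample_queue, n, widen_unfixed(fifth)));
    printf("fixed:   msgtyp=%lld index=%d\n", (long long)widen_fixed(fifth),
           pick_message(sample_queue, n, widen_fixed(fifth)));
    return 0;
}
```

Without the cast the request turns into an exact-match search for type 4294967293 and finds nothing; with it, the lowest type not above 3 is selected.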


