From patchwork Tue Feb 10 10:10:11 2015
X-Patchwork-Submitter: zhangjian
X-Patchwork-Id: 5805891
From: "Zhang Jian(Bamvor)"
To:
Subject: [PATCH] compat: Fix endian issue in union sigval
Date: Tue, 10 Feb 2015 18:10:11 +0800
Message-ID: <1423563011-12377-1-git-send-email-bamvor.zhangjian@huawei.com>
Cc: catalin.marinas@arm.com, lizefan@huawei.com, will.deacon@arm.com, linux-kernel@vger.kernel.org, dingtianhong@huawei.com

In 64bit architecture, sigval_int is the high 32bit of sigval_ptr in
big endian kernel, compared with the low 32bit of sigval_ptr in little
endian kernel. reference:

    typedef union sigval {
        int sival_int;
        void *sival_ptr;
    } sigval_t;

During compat_mq_notify or compat_timer_create, the kernel gets sigval
from user space by reading sigval.sival_int. This is correct in 32 bit
kernel and in 64bit little endian kernel. And it is wrong in 64bit big
endian kernel: it gets the high 32bit of sigval_ptr and puts it to the
low 32bit of sigval_ptr. And the high 32bit of sigval_ptr is empty in
arm 32bit user space struct. So, the kernel lost the value of
sigval_ptr.

The following patch gets the sigval_ptr instead of sigval_int in order
to avoid the endian issue.
Test pass in arm64 big endian and little endian kernel. Signed-off-by: Zhang Jian(Bamvor) --- ipc/compat_mq.c | 7 ++----- kernel/compat.c | 6 ++---- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/ipc/compat_mq.c b/ipc/compat_mq.c index ef6f91c..2e07343 100644 --- a/ipc/compat_mq.c +++ b/ipc/compat_mq.c @@ -99,11 +99,8 @@ COMPAT_SYSCALL_DEFINE2(mq_notify, mqd_t, mqdes, if (u_notification) { struct sigevent n; p = compat_alloc_user_space(sizeof(*p)); - if (get_compat_sigevent(&n, u_notification)) - return -EFAULT; - if (n.sigev_notify == SIGEV_THREAD) - n.sigev_value.sival_ptr = compat_ptr(n.sigev_value.sival_int); - if (copy_to_user(p, &n, sizeof(*p))) + if (get_compat_sigevent(&n, u_notification) || + copy_to_user(p, &n, sizeof(*p))) return -EFAULT; } return sys_mq_notify(mqdes, p); diff --git a/kernel/compat.c b/kernel/compat.c index ebb3c36..13a0e5d 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -871,16 +871,14 @@ COMPAT_SYSCALL_DEFINE4(clock_nanosleep, clockid_t, which_clock, int, flags, * We currently only need the following fields from the sigevent * structure: sigev_value, sigev_signo, sig_notify and (sometimes * sigev_notify_thread_id). The others are handled in user mode. - * We also assume that copying sigev_value.sival_int is sufficient - * to keep all the bits of sigev_value.sival_ptr intact. */ int get_compat_sigevent(struct sigevent *event, const struct compat_sigevent __user *u_event) { memset(event, 0, sizeof(*event)); return (!access_ok(VERIFY_READ, u_event, sizeof(*u_event)) || - __get_user(event->sigev_value.sival_int, - &u_event->sigev_value.sival_int) || + __get_user(*(long long*)event->sigev_value.sival_ptr, + &u_event->sigev_value.sival_ptr) || __get_user(event->sigev_signo, &u_event->sigev_signo) || __get_user(event->sigev_notify, &u_event->sigev_notify) || __get_user(event->sigev_notify_thread_id,
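Review bot: In the ipc/compat_mq.c hunk, the removed lines converted the value with compat_ptr() only when n.sigev_notify == SIGEV_THREAD and otherwise left it as sival_int; after this change every notify type takes whatever get_compat_sigevent() stored through sival_ptr, and nothing here says so. Please add a comment at this call site, or a sentence in the commit message, stating what a caller that set sival_int for a non-SIGEV_THREAD notification ends up with on a big-endian kernel, since the commit message itself places sival_int in the high 32 bits there. Folding the two failure checks into one "||" condition is fine.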
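Review bot: In the get_compat_sigevent() hunk of kernel/compat.c, "*(long long*)event->sigev_value.sival_ptr" casts and dereferences the value of sival_ptr rather than its address, and event was zeroed by the memset() on the line just above, so the __get_user() store goes through a NULL pointer instead of into the union. If the cast is kept it needs the address-of operator, "*(long long *)&event->sigev_value.sival_ptr"; cleaner would be to read the user field into a temporary and assign it with compat_ptr(), as the removed mq_notify lines did, which avoids the type-punning cast altogether. The two comment lines about sival_int are deleted without a replacement; a sentence saying sigev_value is now copied as a pointer would keep the comment accurate. Style: "(long long*)" should be "(long long *)".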
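The union layout the commit message describes, as an added example that is not part of the original patch or the kernel source: it models the 8-byte native union sigval as a byte array and compares copying a 32-bit user value into sival_int only (with no later compat_ptr() fix-up) against widening it and storing the whole sival_ptr. The helper names, the byte_order enum and the sample value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the native union sigval on a 64-bit kernel:
 * sival_int occupies bytes 0..3, sival_ptr occupies bytes 0..7. */
enum byte_order { BO_LITTLE, BO_BIG };

static void put(uint8_t *dst, uint64_t v, int nbytes, enum byte_order bo)
{
    for (int i = 0; i < nbytes; i++) {
        int shift = (bo == BO_LITTLE) ? 8 * i : 8 * (nbytes - 1 - i);
        dst[i] = (uint8_t)(v >> shift);
    }
}

static uint64_t get(const uint8_t *src, int nbytes, enum byte_order bo)
{
    uint64_t v = 0;
    for (int i = 0; i < nbytes; i++) {
        int shift = (bo == BO_LITTLE) ? 8 * i : 8 * (nbytes - 1 - i);
        v |= (uint64_t)src[i] << shift;
    }
    return v;
}

/* Copy the 32-bit user value into sival_int only, then read sival_ptr. */
uint64_t ptr_after_int_copy(uint32_t user_val, enum byte_order bo)
{
    uint8_t native[8];
    memset(native, 0, sizeof(native));      /* memset(event, 0, ...) */
    put(native, user_val, 4, bo);           /* write sival_int */
    return get(native, 8, bo);              /* read back sival_ptr */
}

/* Endian-safe: widen the 32-bit user pointer, then store all 8 bytes. */
uint64_t ptr_after_widening(uint32_t user_val, enum byte_order bo)
{
    uint8_t native[8];
    put(native, (uint64_t)user_val, 8, bo); /* write sival_ptr */
    return get(native, 8, bo);
}

int main(void)
{
    uint32_t v = 0x12345678u;               /* constructed sample value */
    printf("LE int copy: %#llx\n", (unsigned long long)ptr_after_int_copy(v, BO_LITTLE));
    printf("BE int copy: %#llx\n", (unsigned long long)ptr_after_int_copy(v, BO_BIG));
    printf("BE widened:  %#llx\n", (unsigned long long)ptr_after_widening(v, BO_BIG));
    return 0;
}
```

On the big-endian model the int-only copy leaves the user value in the upper half of the pointer, which is the lost-pointer case the commit message reports.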