X-Patchwork-Submitter: "Dmitry V. Levin"
X-Patchwork-Id: 798292
Date: Sat, 5 Aug 2017 23:00:50 +0300
From: "Dmitry V. Levin"
To: Al Viro
Cc: Ingo Molnar, Thomas Gleixner, Andrew Morton, sparclinux@vger.kernel.org, linux-kernel@vger.kernel.org, Anatoly Pugachev, Eugene Syromyatnikov
Subject: [PATCH] Fix compat_sys_sigpending breakage introduced by v4.13-rc1~6^2~12
Message-ID: <20170805200050.GA24804@altlinux.org>

The latest change of compat_sys_sigpending has broken it in two ways.

First, it tries to write 4 bytes more than userspace expects:
sizeof(old_sigset_t) == sizeof(long) == 8 instead of
sizeof(compat_old_sigset_t) == sizeof(u32) == 4.

Second, on big endian architectures these bytes are being written
in the wrong order.

This bug was found by strace test suite.

Reported-by: Anatoly Pugachev
Inspired-by: Eugene Syromyatnikov
Fixes: 8f13621abced ("sigpending(): move compat to native")
Signed-off-by: Dmitry V. Levin
ACKed-by: Al Viro
--- kernel/signal.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/kernel/signal.c b/kernel/signal.c index caed913..7e33f8c 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -3303,12 +3303,15 @@ SYSCALL_DEFINE1(sigpending, old_sigset_t __user *, set) #ifdef CONFIG_COMPAT COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set32) { +#ifdef __BIG_ENDIAN sigset_t set; - int err = do_sigpending(&set, sizeof(old_sigset_t)); - if (err == 0) - if (copy_to_user(set32, &set, sizeof(old_sigset_t))) - err = -EFAULT; + int err = do_sigpending(&set, sizeof(set.sig[0])); + if (!err) + err = put_user(set.sig[0], set32); return err; +#else + return sys_rt_sigpending((sigset_t __user *)set32, sizeof(*set32)); +#endif } #endif
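Review bot: the #ifdef __BIG_ENDIAN / #else split in COMPAT_SYSCALL_DEFINE1(sigpending, ...) leaves two differently shaped code paths with no comment explaining why both are needed, and each gets exercised only on one class of architecture. The big-endian branch stores by value with put_user(set.sig[0], set32), which narrows to the 4-byte compat_old_sigset_t regardless of byte order, so it looks usable unconditionally; if the little-endian shortcut is kept, it deserves a comment. In particular, the cast (sigset_t __user *)set32 points a full sigset_t pointer at a 4-byte user object and is only safe because the size argument is sizeof(*set32), and that dependency should be stated next to the call so a later change to the size argument does not reintroduce the over-long write described in the commit message. A short comment on the big-endian side noting that do_sigpending() is asked for sizeof(set.sig[0]) while only the low 32 bits reach userspace would also help the next reader.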