xtensa: fix futex_atomic_cmpxchg_inatomic
authorMax Filippov <jcmvbkbc@gmail.com>
Fri, 5 Jan 2018 22:27:58 +0000 (14:27 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 16 Feb 2018 19:23:07 +0000 (20:23 +0100)
commit ca47480921587ae30417dd234a9f79af188e3666 upstream.

Return 0 if the operation was successful, not the userspace memory
value. Check that userspace value equals passed oldval, not itself.
Don't update *uval if the value wasn't read from userspace memory.

This fixes process hang due to infinite loop in futex_lock_pi.
It also fixes a bunch of glibc tests nptl/tst-mutexpi*.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/xtensa/include/asm/futex.h

index eaaf1ebcc7a402eb1a40e91a5d9e077c59c6711e..5bfbc1c401d4cfb82fe5596f0a24689cabecdc98 100644 (file)
@@ -92,7 +92,6 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
                              u32 oldval, u32 newval)
 {
        int ret = 0;
-       u32 prev;
 
        if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
                return -EFAULT;
@@ -103,26 +102,24 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
 
        __asm__ __volatile__ (
        "       # futex_atomic_cmpxchg_inatomic\n"
-       "1:     l32i    %1, %3, 0\n"
-       "       mov     %0, %5\n"
-       "       wsr     %1, scompare1\n"
-       "2:     s32c1i  %0, %3, 0\n"
-       "3:\n"
+       "       wsr     %5, scompare1\n"
+       "1:     s32c1i  %1, %4, 0\n"
+       "       s32i    %1, %6, 0\n"
+       "2:\n"
        "       .section .fixup,\"ax\"\n"
        "       .align 4\n"
-       "4:     .long   3b\n"
-       "5:     l32r    %1, 4b\n"
-       "       movi    %0, %6\n"
+       "3:     .long   2b\n"
+       "4:     l32r    %1, 3b\n"
+       "       movi    %0, %7\n"
        "       jx      %1\n"
        "       .previous\n"
        "       .section __ex_table,\"a\"\n"
-       "       .long 1b,5b,2b,5b\n"
+       "       .long 1b,4b\n"
        "       .previous\n"
-       : "+r" (ret), "=&r" (prev), "+m" (*uaddr)
-       : "r" (uaddr), "r" (oldval), "r" (newval), "I" (-EFAULT)
+       : "+r" (ret), "+r" (newval), "+m" (*uaddr), "+m" (*uval)
+       : "r" (uaddr), "r" (oldval), "r" (uval), "I" (-EFAULT)
        : "memory");
 
-       *uval = prev;
        return ret;
 }