From: Aurelien Jarno <aurelien@aurel32.net>
Date: Tue, 2 May 2017 13:00:12 +0000 (+0000)
Subject: sh: fix futex FUTEX_OP_SET op on userspace addresses
X-Git-Tag: v5.15~9022^2~10
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=9b7e30ab975334448dc4c82941a48a3685a7642b;p=mirror_ubuntu-kernels.git

sh: fix futex FUTEX_OP_SET op on userspace addresses

Commit 00b73d8d1b71 ("sh: add working futex atomic ops on userspace
addresses for smp") changed the futex_atomic_op_inuser function to
use a loop. In case of the FUTEX_OP_SET op with a userspace address
containing a value different of 0, this loop is an endless loop.

Fix that by loading the value of oldval from the userspace before doing
the cmpxchg op, also for the FUTEX_OP_SET case.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Rich Felker <dalias@libc.org>
---

diff --git a/arch/sh/include/asm/futex.h b/arch/sh/include/asm/futex.h
index 15bf07bfa96b..6d192f4908a7 100644
--- a/arch/sh/include/asm/futex.h
+++ b/arch/sh/include/asm/futex.h
@@ -37,10 +37,7 @@ static inline int arch_futex_atomic_op_inuser(int op, u32 oparg, int *oval,
 	pagefault_disable();
 
 	do {
-		if (op == FUTEX_OP_SET)
-			ret = oldval = 0;
-		else
-			ret = get_user(oldval, uaddr);
+		ret = get_user(oldval, uaddr);
 
 		if (ret) break;