BugLink: http://bugs.launchpad.net/bugs/1393355

Compat function takes msgtyp argument as u32 and passes it down to
do_msgrcv which results in casting to long, thus the sign is lost and we
get a big positive number instead.

Cast the argument to signed type before passing it down.

Signed-off-by: Paul Vaduva <paul.vad...@enea.com>
---
 ...pc-fix-compat-msgrcv-with-negative-msgtyp.patch | 27 ++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq_3.12.bb           |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 
recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch

diff --git 
a/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch
 
b/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch
new file mode 100644
index 0000000..b90a114
--- /dev/null
+++ 
b/recipes-kernel/linux/files/Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch
@@ -0,0 +1,27 @@
+BugLink: http://bugs.launchpad.net/bugs/1393355
+
+Compat function takes msgtyp argument as u32 and passes it down to
+do_msgrcv which results in casting to long, thus the sign is lost and we
+get a big positive number instead.
+
+Cast the argument to signed type before passing it down.
+
+Signed-off-by: Mateusz Guzik <mgu...@redhat.com>
+Reported-by: Gabriellla Schmidt <g...@bruker.de>
+
+Upstream-Status::Backport
+Kernel 3.14
+
+diff --git a/ipc/compat.c b/ipc/compat.c
+index 892f658..d3b3760 100644
+--- a/ipc/compat.c
++++ b/ipc/compat.c
+@@ -381,7 +381,7 @@ COMPAT_SYSCALL_DEFINE6(ipc, u32, call, int, first, int, 
second,
+                       uptr = compat_ptr(ipck.msgp);
+                       fifth = ipck.msgtyp;
+               }
+-              return do_msgrcv(first, uptr, second, fifth, third,
++              return do_msgrcv(first, uptr, second, (s32)fifth, third,
+                                compat_do_msg_fill);
+       }
+       case MSGGET:
diff --git a/recipes-kernel/linux/linux-qoriq_3.12.bb 
b/recipes-kernel/linux/linux-qoriq_3.12.bb
index 110d7ce..889c564 100644
--- a/recipes-kernel/linux/linux-qoriq_3.12.bb
+++ b/recipes-kernel/linux/linux-qoriq_3.12.bb
@@ -4,5 +4,6 @@ SRC_URI = 
"git://git.freescale.com/ppc/sdk/linux.git;branch=sdk-v1.9.x \
     file://modify-defconfig-t1040-nr-cpus.patch \
     file://net-sctp-CVE-2014-0101.patch \
     file://0001-powerpc-Align-TOC-to-256-bytes.patch \
+    file://Trusty-SRU-ipc-fix-compat-msgrcv-with-negative-msgtyp.patch \
 "
 SRCREV = "43cecda943a6c40a833b588801b0929e8bd48813"
-- 
1.9.1

-- 
_______________________________________________
meta-freescale mailing list
meta-freescale@yoctoproject.org
https://lists.yoctoproject.org/listinfo/meta-freescale

Reply via email to