| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <abc42dd6-43fc-4a44-a839-477c693e5dff@redhat.com>
Date: Mon, 11 Aug 2025 10:02:07 -0400
From: Waiman Long <llong@...hat.com>
To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <peterz@...radead.org>, Darren Hart <dvhart@...radead.org>,
Davidlohr Bueso <dave@...olabs.net>, André Almeida
<andrealmeid@...lia.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: linux-kernel@...r.kernel.org
Subject: Re: [PATCH] futex: Use user_write_access_begin() in futex_put_value()
On 8/9/25 5:24 PM, Waiman Long wrote:
> Commit cec199c5e39b ("futex: Implement FUTEX2_NUMA") introduces a new
> futex_put_value() helper function to write a value to the given user
> address. However, it uses user_read_access_begin() before the write.
> For arches that differentiate between read and write accesses, like
> powerpc, futex_put_value() fails with a -EFAULT return value. Fix that
> by using user_write_access_begin().
>
> Fixes: cec199c5e39b ("futex: Implement FUTEX2_NUMA")
> Signed-off-by: Waiman Long <longman@...hat.com>
> ---
> kernel/futex/futex.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/futex/futex.h b/kernel/futex/futex.h
> index c74eac572acd..2b6ae6a2b2a2 100644
> --- a/kernel/futex/futex.h
> +++ b/kernel/futex/futex.h
> @@ -319,7 +319,7 @@ static __always_inline int futex_put_value(u32 val, u32 __user *to)
> {
> if (can_do_masked_user_access())
> to = masked_user_access_begin(to);
> - else if (!user_read_access_begin(to, sizeof(*to)))
> + else if (!user_write_access_begin(to, sizeof(*to)))
> return -EFAULT;
> unsafe_put_user(val, to, Efault);
> user_read_access_end();
Sorry, I forgot to use a matching user_write_access_end(). Will send out
a v2.
Cheers,
Longman
Powered by blists - more mailing lists