On Sun, 8 Dec 2024 at 14:54, Andreas Schwab <sch...@linux-m68k.org> wrote:
>
> This breaks userspace on ppc32. As soon as /init in the initrd is
> started the kernel hangs (without any messages).
Funky, funky.

Most of the diff is the code movement (and some small x86-specific
stuff), so for ppc, the only part that should be relevant is the
futex_get_value_locked().

And since ppc doesn't do the masked user access thing, it *literally*
boils down to just that

        if (!user_read_access_begin(from, sizeof(*from)))
                return -EFAULT;
        unsafe_get_user(val, from, Efault);
        user_access_end();

path.

Ahh... And now that I write that out, the bug is obvious: it should be
using

        user_read_access_end();

to match up with the user_read_access_begin().

And yeah, ppc is the only platform that has that
"read-vs-write-vs-both" thing, so this bug is not visible anywhere
else.

IOW, does this one-liner fix it for you?

--- a/kernel/futex/futex.h
+++ b/kernel/futex/futex.h
@@ -265,7 +265,7 @@
 	else if (!user_read_access_begin(from, sizeof(*from)))
 		return -EFAULT;
 	unsafe_get_user(val, from, Efault);
-	user_access_end();
+	user_read_access_end();
 	*dest = val;
 	return 0;
 Efault:

I bet it does, but I'll wait for confirmation before actually
committing that fix.

Thanks,
               Linus
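Review bot: the hunk's last context line is the "Efault:" label, but the error path under it is not shown; if that path also closes the window with user_access_end(), it needs the same switch to user_read_access_end(), otherwise the fault case keeps exactly the mismatch this hunk removes from the success path. The first context line is an "else if", so there is a preceding branch (the masked-access path the mail mentions) that is likewise not visible here; worth confirming that its closer matches its opener as well before the one-liner goes in.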
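The begin/end pairing the mail turns on, as an added example that is not part of the thread or of the kernel: a user-space model of a user-access window that, like ppc, distinguishes read, write and read+write unlocks. The model's rule is an assumption chosen for illustration (an end() is accepted only when it names the same direction(s) as the begin() that opened the window; anything else is counted as a mismatch and leaves the window open), and the ua_* helpers, struct ua_state, run_model() and MODEL_EFAULT are names invented here. The two accessors follow the shape of the snippet in the mail with the kernel calls swapped for the model's helpers; no fault path is modeled.

```c
/*
 * Added example (not kernel code, not from the mail above): a small
 * user-space model of a user-access window with separate read, write
 * and read+write unlocks.  The pairing rule below is an assumption made
 * for illustration, not a description of any real arch's KUAP logic.
 */
#include <stdbool.h>
#include <stdio.h>

#define MODEL_EFAULT 14          /* stands in for the kernel's EFAULT */

enum ua_kind { UA_NONE = 0, UA_READ = 1, UA_WRITE = 2, UA_BOTH = UA_READ | UA_WRITE };

struct ua_state {
	enum ua_kind open;       /* what the current window unlocked */
	int mismatches;          /* end() calls that did not match begin() */
};

/* Model of user_{read,write,}_access_begin(): open a window of kind k. */
static bool ua_begin(struct ua_state *s, enum ua_kind k)
{
	if (s->open != UA_NONE)  /* windows do not nest */
		return false;
	s->open = k;
	return true;
}

/*
 * Model of user_{read,write,}_access_end(): the closer must name the
 * same kind as the opener.  By the model's assumption a mismatch is
 * recorded and the window stays open.
 */
static void ua_end(struct ua_state *s, enum ua_kind k)
{
	if (s->open != k) {
		s->mismatches++;
		return;
	}
	s->open = UA_NONE;
}

/* Shape of the snippet before the fix: read window closed with the "both" closer. */
static int get_value_before_fix(struct ua_state *s, const unsigned *from, unsigned *dest)
{
	unsigned val;

	if (!ua_begin(s, UA_READ))
		return -MODEL_EFAULT;
	val = *from;                 /* stands in for unsafe_get_user(); no fault modeled */
	ua_end(s, UA_BOTH);          /* user_access_end(): wrong closer for a read window */
	*dest = val;
	return 0;
}

/* Shape of the one-liner fix: read window closed with the read closer. */
static int get_value_after_fix(struct ua_state *s, const unsigned *from, unsigned *dest)
{
	unsigned val;

	if (!ua_begin(s, UA_READ))
		return -MODEL_EFAULT;
	val = *from;
	ua_end(s, UA_READ);          /* user_read_access_end() */
	*dest = val;
	return 0;
}

/* Run one accessor on a constructed input value and return the model state. */
struct ua_state run_model(bool fixed)
{
	struct ua_state s = { UA_NONE, 0 };
	unsigned src = 0x2a, dst = 0;   /* constructed "user" value */
	int ret = fixed ? get_value_after_fix(&s, &src, &dst)
			: get_value_before_fix(&s, &src, &dst);

	if (ret != 0 || dst != src)     /* both variants copy the value fine; */
		s.mismatches = -1;      /* -1 flags a copy failure, which never happens here */
	return s;                       /* only the window state differs */
}

int main(void)
{
	struct ua_state before = run_model(false), after = run_model(true);

	printf("before fix: mismatches=%d window open=%d\n",
	       before.mismatches, before.open != UA_NONE);
	printf("after fix:  mismatches=%d window open=%d\n",
	       after.mismatches, after.open != UA_NONE);
	return 0;
}
```

Both variants return 0 and copy the value, which is why the bug is silent on every platform where the three closers are the same function; only the window bookkeeping shows the difference, and that is the kind of state a per-arch test harness has to expose explicitly.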