futex: futex_wake_op, fix sign_extend32 sign bits

sign_extend32 counts the sign bit parameter from 0, not from 1. So we have to use "11" for 12th bit, not "12". This mistake means we have not allowed negative op and cmp args since commit 30d6e0a ("futex: Remove duplicated code and fix undefined behaviour") till now. Fixes: 30d6e0a ("futex: Remove duplicated code and fix undefined behaviour") Signed-off-by: Jiri Slaby <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Darren Hart <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
ambv · Dec 10, 2017 · d70ef22 · d70ef22
1 parent 51090c5
commit d70ef22
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/kernel/futex.c b/kernel/futex.c
@@ -1582,8 +1582,8 @@ static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr)
 {
 	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
 	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
-	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 12);
-	int cmparg = sign_extend32(encoded_op & 0x00000fff, 12);
+	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
+	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
 	int oldval, ret;
 
 	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {