1. Patchew
  2. linux
  3. View series

[PATCH] m68k: Fix kernel_clone_args.flags in m68k_clone()

Finn Thain posted 1 patch 1 year, 6 months ago
There is a newer version of this series
arch/m68k/kernel/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] m68k: Fix kernel_clone_args.flags in m68k_clone()
Posted by Finn Thain 1 year, 6 months ago 
Stan Johnson recently reported a failure from the 'dump' command:

  DUMP: Date of this level 0 dump: Fri Aug  9 23:37:15 2024
  DUMP: Dumping /dev/sda (an unlisted file system) to /dev/null
  DUMP: Label: none
  DUMP: Writing 10 Kilobyte records
  DUMP: mapping (Pass I) [regular files]
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 3595695 blocks.
  DUMP: Context save fork fails in parent 671

The dump program uses the clone syscall with the CLONE_IO flag, that is,
flags == 0x80000000. When that value is cast from long int to u64 by
m68k_clone(), it undergoes sign-extension. The new value includes
CLONE_INTO_CGROUP so the validation in cgroup_css_set_fork() fails and
the syscall returns -EBADFD.

Avoid sign-extension by adopting the idiom used in kernel/fork.c when
casting clone flags.

Cc: Stan Johnson <userm57@yahoo.com>
Reported-by: Stan Johnson <userm57@yahoo.com>
Closes: https://lists.debian.org/debian-68k/2024/08/msg00000.html
Fixes: 6aabc1facdb2 ("m68k: Implement copy_thread_tls()")
Signed-off-by: Finn Thain <fthain@linux-m68k.org>
---
 arch/m68k/kernel/process.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/m68k/kernel/process.c b/arch/m68k/kernel/process.c
index 2584e94e2134..873dc94fdcd8 100644
--- a/arch/m68k/kernel/process.c
+++ b/arch/m68k/kernel/process.c
@@ -117,7 +117,7 @@ asmlinkage int m68k_clone(struct pt_regs *regs)
 {
 	/* regs will be equal to current_pt_regs() */
 	struct kernel_clone_args args = {
-		.flags		= regs->d1 & ~CSIGNAL,
+		.flags		= (lower_32_bits(regs->d1) & ~CSIGNAL),
 		.pidfd		= (int __user *)regs->d3,
 		.child_tid	= (int __user *)regs->d4,
 		.parent_tid	= (int __user *)regs->d3,
-- 
2.39.5
Re: [PATCH] m68k: Fix kernel_clone_args.flags in m68k_clone()
Posted by Geert Uytterhoeven 1 year, 6 months ago 
Hi Finn,

On Sat, Aug 10, 2024 at 9:14 AM Finn Thain <fthain@linux-m68k.org> wrote:
> Stan Johnson recently reported a failure from the 'dump' command:
>
>   DUMP: Date of this level 0 dump: Fri Aug  9 23:37:15 2024
>   DUMP: Dumping /dev/sda (an unlisted file system) to /dev/null
>   DUMP: Label: none
>   DUMP: Writing 10 Kilobyte records
>   DUMP: mapping (Pass I) [regular files]
>   DUMP: mapping (Pass II) [directories]
>   DUMP: estimated 3595695 blocks.
>   DUMP: Context save fork fails in parent 671
>
> The dump program uses the clone syscall with the CLONE_IO flag, that is,
> flags == 0x80000000. When that value is cast from long int to u64 by
> m68k_clone(), it undergoes sign-extension. The new value includes
> CLONE_INTO_CGROUP so the validation in cgroup_css_set_fork() fails and
> the syscall returns -EBADFD.
>
> Avoid sign-extension by adopting the idiom used in kernel/fork.c when
> casting clone flags.
>
> Cc: Stan Johnson <userm57@yahoo.com>
> Reported-by: Stan Johnson <userm57@yahoo.com>
> Closes: https://lists.debian.org/debian-68k/2024/08/msg00000.html
> Fixes: 6aabc1facdb2 ("m68k: Implement copy_thread_tls()")
> Signed-off-by: Finn Thain <fthain@linux-m68k.org>

Thanks for your patch!

> --- a/arch/m68k/kernel/process.c
> +++ b/arch/m68k/kernel/process.c
> @@ -117,7 +117,7 @@ asmlinkage int m68k_clone(struct pt_regs *regs)
>  {
>         /* regs will be equal to current_pt_regs() */
>         struct kernel_clone_args args = {
> -               .flags          = regs->d1 & ~CSIGNAL,
> +               .flags          = (lower_32_bits(regs->d1) & ~CSIGNAL),

While other architectures (nios2, sparc, generic code) do use
lower_32_bits() in similar code[*], IMHO this is misleading here, as
regs->d1 is never 64-bit.  What you really want is to avoid the sign
extension in the promotion from signed 32-bit to unsigned 64-bit.
So I think a cast to u32 makes more sense?

>                 .pidfd          = (int __user *)regs->d3,
>                 .child_tid      = (int __user *)regs->d4,
>                 .parent_tid     = (int __user *)regs->d3,

[*] The shared sparc32/64 code uses lower_32_bits on unsigned long,
    which is 64-bit on sparc64. Likewise for the generic code in kernel/fork.c.
    The nios2 code is a bit moot, as clone_flags is already unsigned, and
    unsigned long is always 32-bit on nios2.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
Re: [PATCH] m68k: Fix kernel_clone_args.flags in m68k_clone()
Posted by Finn Thain 1 year, 6 months ago 
On Sat, 10 Aug 2024, Geert Uytterhoeven wrote:

> >         /* regs will be equal to current_pt_regs() */
> >         struct kernel_clone_args args = {
> > -               .flags          = regs->d1 & ~CSIGNAL,
> > +               .flags          = (lower_32_bits(regs->d1) & ~CSIGNAL),
> 
> While other architectures (nios2, sparc, generic code) do use
> lower_32_bits() in similar code[*], IMHO this is misleading here, as
> regs->d1 is never 64-bit.  What you really want is to avoid the sign
> extension in the promotion from signed 32-bit to unsigned 64-bit.
> So I think a cast to u32 makes more sense?
> 

Yes, I think your solution is better.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.