android_kernel_samsung_msm8976/ipc
Mateusz Guzik 1f55176763 ipc: fix compat msgrcv with negative msgtyp
commit e7ca2552369c1dfe0216c626baf82c3d83ec36bb upstream.

Compat function takes msgtyp argument as u32 and passes it down to
do_msgrcv which results in casting to long, thus the sign is lost and we
get a big positive number instead.

Cast the argument to signed type before passing it down.

Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Reported-by: Gabriellla Schmidt <gsc@bruker.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Davidlohr Bueso <davidlohr@hp.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-04-19 10:10:50 +02:00
..
compat.c ipc: fix compat msgrcv with negative msgtyp 2015-04-19 10:10:50 +02:00
compat_mq.c
ipc_sysctl.c ipc: always handle a new value of auto_msgmni 2014-11-21 09:22:54 -08:00
ipcns_notifier.c
Makefile
mq_sysctl.c ipc,mqueue: remove limits for the amount of system-wide queues 2014-03-06 21:30:12 -08:00
mqueue.c ipc,mqueue: remove limits for the amount of system-wide queues 2014-03-06 21:30:12 -08:00
msg.c ipc: Fix 2 bugs in msgrcv() MSG_COPY implementation 2014-03-23 21:38:17 -07:00
msgutil.c ipc, msg: fix message length check for negative values 2013-12-04 10:56:10 -08:00
namespace.c ipc: drop ipc_lock_by_ptr 2013-10-18 07:45:48 -07:00
sem.c ipc/sem.c: synchronize semop and semctl with IPC_RMID 2013-12-04 10:56:12 -08:00
shm.c ipc,shm: fix shm_file deletion races 2013-11-29 11:11:41 -08:00
syscall.c
util.c ipc: update locking scheme comments 2013-12-04 10:56:12 -08:00
util.h ipc, msg: fix message length check for negative values 2013-12-04 10:56:10 -08:00