linux.git/drivers/misc/ntsync.c, branch v6.18.21 Clone of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git ntsync: Check wait count based on byte size. 2025-02-21T10:57:33+00:00 Elizabeth Figura zfigura@codeweavers.com 2025-02-20T19:23:34+00:00 92527e473911b835c2c18b0c55c337c33e85ff00 GCC versions below 13 incorrectly detect the copy size as being static and too small to fit in the "fds" array. Work around this by explicitly calculating the size and returning EINVAL based on that, instead of based on the object count. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202502072019.LYoCR9bF-lkp@intel.com/ Suggested-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> -- Suggested-by as per Arnd's request, but the only thing I changed was preserving array_size() [as noted by Geert in the linked thread]. I tested and found no regressions. v2: Add missing sign-off Link: https://lore.kernel.org/r/20250220192334.549167-1-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
GCC versions below 13 incorrectly detect the copy size as being static and too
small to fit in the "fds" array. Work around this by explicitly calculating the
size and returning EINVAL based on that, instead of based on the object count.

Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202502072019.LYoCR9bF-lkp@intel.com/
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>

--

Suggested-by as per Arnd's request, but the only thing I changed was preserving
array_size() [as noted by Geert in the linked thread]. I tested and found no
regressions.

v2: Add missing sign-off
Link: https://lore.kernel.org/r/20250220192334.549167-1-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Set the permissions to be 0666 2025-02-19T14:23:41+00:00 Mike Lothian mike@fireburn.co.uk 2025-02-14T12:28:00+00:00 fa2e55811ae25020a5e9b23a8932e67e6d6261a4 This allows ntsync to be usuable by non-root processes out of the box Signed-off-by: Mike Lothian <mike@fireburn.co.uk> Reviewed-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20250214122759.2629-2-mike@fireburn.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This allows ntsync to be usuable by non-root processes out of the box

Signed-off-by: Mike Lothian <mike@fireburn.co.uk>
Reviewed-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20250214122759.2629-2-mike@fireburn.co.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Fix reference leaks in the remaining create ioctls. 2025-01-17T12:10:07+00:00 Elizabeth Figura zfigura@codeweavers.com 2025-01-16T19:07:17+00:00 970b9757cb44c315b5c3da6b1b35a1ffb07cca5a When ntsync_obj_get_fd() fails, we free the ntsync object but forget to drop the "file" member. This was fixed for semaphores in 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d, but that commit did not fix the similar leak for events and mutexes, since they were part of patches not yet in the mainline kernel. Fix those cases. Fixes: 5bc2479a3585b "ntsync: Introduce NTSYNC_IOC_CREATE_MUTEX." Fixes: 4c7404b9c2b57 "ntsync: Introduce NTSYNC_IOC_CREATE_EVENT." Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20250116190717.8923-1-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
When ntsync_obj_get_fd() fails, we free the ntsync object but forget to drop the
"file" member.

This was fixed for semaphores in 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d, but
that commit did not fix the similar leak for events and mutexes, since they were
part of patches not yet in the mainline kernel. Fix those cases.

Fixes: 5bc2479a3585b "ntsync: Introduce NTSYNC_IOC_CREATE_MUTEX."
Fixes: 4c7404b9c2b57 "ntsync: Introduce NTSYNC_IOC_CREATE_EVENT."
Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20250116190717.8923-1-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: fix a file reference leak in drivers/misc/ntsync.c 2025-01-16T13:03:10+00:00 Al Viro viro@zeniv.linux.org.uk 2025-01-15T02:50:02+00:00 0e7d523b5f7a23b1dc6ceceb04e31a60e9e3321d struct ntsync_obj contains a reference to struct file and that reference contributes to refcount - ntsync_alloc_obj() grabs it. Normally the object is destroyed (and reference to obj->file dropped) in ntsync_obj_release(). However, in case of ntsync_obj_get_fd() failure the object is destroyed directly by its creator. That case should also drop obj->file; plain kfree(obj) is not enough there - it ends up leaking struct file * reference. Take that logics into a helper (ntsync_free_obj()) and use it in both codepaths that destroy ntsync_obj instances. Fixes: b46271ec40a05 "ntsync: Introduce NTSYNC_IOC_CREATE_SEM" Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Reviewed-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20250115025002.GA1977892@ZenIV Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
	struct ntsync_obj contains a reference to struct file
and that reference contributes to refcount - ntsync_alloc_obj()
grabs it.  Normally the object is destroyed (and reference
to obj->file dropped) in ntsync_obj_release().  However, in
case of ntsync_obj_get_fd() failure the object is destroyed
directly by its creator.

	That case should also drop obj->file; plain kfree(obj)
is not enough there - it ends up leaking struct file * reference.

	Take that logics into a helper (ntsync_free_obj()) and
use it in both codepaths that destroy ntsync_obj instances.

Fixes: b46271ec40a05 "ntsync: Introduce NTSYNC_IOC_CREATE_SEM"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20250115025002.GA1977892@ZenIV
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce alertable waits. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:56+00:00 a138179a59d47690b069fbded1be12f47648ef07 NT waits can optionally be made "alertable". This is a special channel for thread wakeup that is mildly similar to SIGIO. A thread has an internal single bit of "alerted" state, and if a thread is alerted while an alertable wait, the wait will return a special value, consume the "alerted" state, and will not consume any of its objects. Alerts are implemented using events; the user-space NT emulator is expected to create an internal ntsync event for each thread and pass that event to wait functions. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20241213193511.457338-16-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
NT waits can optionally be made "alertable". This is a special channel for
thread wakeup that is mildly similar to SIGIO. A thread has an internal single
bit of "alerted" state, and if a thread is alerted while an alertable wait, the
wait will return a special value, consume the "alerted" state, and will not
consume any of its objects.

Alerts are implemented using events; the user-space NT emulator is expected to
create an internal ntsync event for each thread and pass that event to wait
functions.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20241213193511.457338-16-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce NTSYNC_IOC_EVENT_READ. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:55+00:00 e864071a630cfbbd55251e7b45461003f4f79877 This corresponds to the NT syscall NtQueryEvent(). This returns the signaled state of the event and whether it is manual-reset. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20241213193511.457338-15-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This corresponds to the NT syscall NtQueryEvent().

This returns the signaled state of the event and whether it is manual-reset.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20241213193511.457338-15-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce NTSYNC_IOC_MUTEX_READ. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:54+00:00 0b3c31449d28c83c0b8a8a7be569aa30d70b7764 This corresponds to the NT syscall NtQueryMutant(). This returns the recursion count, owner, and abandoned state of the mutex. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20241213193511.457338-14-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This corresponds to the NT syscall NtQueryMutant().

This returns the recursion count, owner, and abandoned state of the mutex.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20241213193511.457338-14-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce NTSYNC_IOC_SEM_READ. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:53+00:00 a948f4177c3cce5f27648696da95c62c0253a099 This corresponds to the NT syscall NtQuerySemaphore(). This returns the current count and maximum count of the semaphore. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Link: https://lore.kernel.org/r/20241213193511.457338-13-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This corresponds to the NT syscall NtQuerySemaphore().

This returns the current count and maximum count of the semaphore.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Link: https://lore.kernel.org/r/20241213193511.457338-13-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce NTSYNC_IOC_EVENT_PULSE. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:52+00:00 12b29d3008e6bd5118af716ae2971fe6823b117a This corresponds to the NT syscall NtPulseEvent(). This wakes up any waiters as if the event had been set, but does not set the event, instead resetting it if it had been signalled. Thus, for a manual-reset event, all waiters are woken, whereas for an auto-reset event, at most one waiter is woken. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20241213193511.457338-12-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This corresponds to the NT syscall NtPulseEvent().

This wakes up any waiters as if the event had been set, but does not set the
event, instead resetting it if it had been signalled. Thus, for a manual-reset
event, all waiters are woken, whereas for an auto-reset event, at most one
waiter is woken.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20241213193511.457338-12-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ntsync: Introduce NTSYNC_IOC_EVENT_RESET. 2025-01-08T12:18:11+00:00 Elizabeth Figura zfigura@codeweavers.com 2024-12-13T19:34:51+00:00 bbb9797514b20c316314b78a439f87fd16b7c509 This corresponds to the NT syscall NtResetEvent(). This sets the event to the unsignaled state, and returns its previous state. Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20241213193511.457338-11-zfigura@codeweavers.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
This corresponds to the NT syscall NtResetEvent().

This sets the event to the unsignaled state, and returns its previous state.

Signed-off-by: Elizabeth Figura <zfigura@codeweavers.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20241213193511.457338-11-zfigura@codeweavers.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>