• Thomas Gleixner's avatar
    [PATCH] Validate and sanitze itimer timeval from userspace · 7d99b7d6
    Thomas Gleixner authored
    According to the specification the timevals must be validated and an
    errorcode -EINVAL returned in case the timevals are not in canonical form.
    This check was never done in Linux.
    
    The pre 2.6.16 code converted invalid timevals silently.  Negative timeouts
    were converted by the timeval_to_jiffies conversion to the maximum timeout.
    
    hrtimers and the ktime_t operations expect timevals in canonical form.
    Otherwise random results might happen on 32 bits machines due to the
    optimized ktime_add/sub operations.  Negative timeouts are treated as
    already expired.  This might break applications which work on pre 2.6.16.
    
    To prevent random behaviour and API breakage the timevals are checked and
    invalid timevals sanitized in a simliar way as the pre 2.6.16 code did.
    
    Invalid timevals are reported with a per boot limited number of kernel
    messages so applications which use this misfeature can be corrected.
    
    After a grace period of one year the sanitizing should be replaced by a
    correct validation check.  This is also documented in
    Documentation/feature-removal-schedule.txt
    
    The validation and sanitizing is done inside do_setitimer so all callers
    (sys_setitimer, compat_sys_setitimer, osf_setitimer) are catched.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    7d99b7d6
itimer.c 9.25 KB