[PATCH] sys_alarm() unsigned signed conversion fixup

alarm() calls the kernel with an unsigend int timeout in seconds. The value is stored in the tv_sec field of a struct timeval to setup the itimer. The tv_sec field of struct timeval is of type long, which causes the tv_sec value to be negative on 32 bit machines if seconds > INT_MAX. Before the hrtimer merge (pre 2.6.16) such a negative value was converted to the maximum jiffies timeout by the timeval_to_jiffies conversion. It's not clear whether this was intended or just happened to be done by the timeval_to_jiffies code. hrtimers expect a timeval in canonical form and treat a negative timeout as already expired. This breaks the legitimate usage of alarm() with a timeout value > INT_MAX seconds. For 32 bit machines it is therefor necessary to limit the internal seconds value to avoid API breakage. Instead of doing this in all implementations of sys_alarm the duplicated sys_alarm code is moved into a common function in itimer.c Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Thomas Gleixner <tglx@linutronix.de> 2006-03-25 06:06:33 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-03-25 11:22:48 -0500
commit: c08b8a49100715b20e6f7c997e992428b5e06078 (patch)
tree: 014758fb05908a3d49eeadc77f16dfa7585b12ac
parent: 185ae6d7a32721e9062030a9f2d24ed714fa45df (diff)
6 files changed, 43 insertions, 61 deletions
diff --git a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
index 70dba1f0e2ee..13e739e4c84d 100644
--- a/arch/ia64/ia32/sys_ia32.c
+++ b/arch/ia64/ia32/sys_ia32.c
@@ -1166,19 +1166,7 @@ put_tv32 (struct compat_timeval __user *o, struct timeval *i)
 asmlinkage unsigned long
 sys32_alarm (unsigned int seconds)
 {
-        struct itimerval it_new, it_old;
+        return alarm_setitimer(seconds);
-        unsigned int oldalarm;
-        it_new.it_interval.tv_sec = it_new.it_interval.tv_usec = 0;
-        it_new.it_value.tv_sec = seconds;
-        it_new.it_value.tv_usec = 0;
-        do_setitimer(ITIMER_REAL, &it_new, &it_old);
-        oldalarm = it_old.it_value.tv_sec;
-        /* ehhh.. We can't return 0 if we have an alarm pending.. */
-        /* And we'd better return too much than too little anyway */
-        if (it_old.it_value.tv_usec)
-                oldalarm++;
-        return oldalarm;
 }
 /* Translations due to time_t size differences.  Which affects all
diff --git a/arch/mips/kernel/sysirix.c b/arch/mips/kernel/sysirix.c
index 0fc3730a294f..5407b784cd01 100644
--- a/arch/mips/kernel/sysirix.c
+++ b/arch/mips/kernel/sysirix.c
@@ -645,27 +645,7 @@ static inline void getitimer_real(struct itimerval *value)
 asmlinkage unsigned int irix_alarm(unsigned int seconds)
 {
-        struct itimerval it_new, it_old;
+        return alarm_setitimer(seconds);
-        unsigned int oldalarm;
-        if (!seconds) {
-                getitimer_real(&it_old);
-                del_timer(&current->real_timer);
-        } else {
-                it_new.it_interval.tv_sec = it_new.it_interval.tv_usec = 0;
-                it_new.it_value.tv_sec = seconds;
-                it_new.it_value.tv_usec = 0;
-                do_setitimer(ITIMER_REAL, &it_new, &it_old);
-        }
-        oldalarm = it_old.it_value.tv_sec;
-        /*
-         * ehhh.. We can't return 0 if we have an alarm pending ...
-         * And we'd better return too much than too little anyway
-         */
-        if (it_old.it_value.tv_usec)
-                oldalarm++;
-        return oldalarm;
 }
 asmlinkage int irix_pause(void)
diff --git a/arch/x86_64/ia32/sys_ia32.c b/arch/x86_64/ia32/sys_ia32.c
index 2bc55af95419..2b2d029f477c 100644
--- a/arch/x86_64/ia32/sys_ia32.c
+++ b/arch/x86_64/ia32/sys_ia32.c
@@ -430,24 +430,12 @@ put_tv32(struct compat_timeval __user *o, struct timeval *i)
        return err; 
 }
-extern int do_setitimer(int which, struct itimerval *, struct itimerval *);
+extern unsigned int alarm_setitimer(unsigned int seconds);
 asmlinkage long
 sys32_alarm(unsigned int seconds)
 {
-        struct itimerval it_new, it_old;
+        return alarm_setitimer(seconds);
-        unsigned int oldalarm;
-        it_new.it_interval.tv_sec = it_new.it_interval.tv_usec = 0;
-        it_new.it_value.tv_sec = seconds;
-        it_new.it_value.tv_usec = 0;
-        do_setitimer(ITIMER_REAL, &it_new, &it_old);
-        oldalarm = it_old.it_value.tv_sec;
-        /* ehhh.. We can't return 0 if we have an alarm pending.. */
-        /* And we'd better return too much than too little anyway */
-        if (it_old.it_value.tv_usec)
-                oldalarm++;
-        return oldalarm;
 }
 /* Translations due to time_t size differences.  Which affects all
diff --git a/include/linux/time.h b/include/linux/time.h
index d9cdba54b789..bf0e785e2e03 100644
--- a/include/linux/time.h
+++ b/include/linux/time.h
@@ -101,6 +101,7 @@ extern long do_utimes(int dfd, char __user *filename, struct timeval *times);
 struct itimerval;
 extern int do_setitimer(int which, struct itimerval *value,
                        struct itimerval *ovalue);
+extern unsigned int alarm_setitimer(unsigned int seconds);
 extern int do_getitimer(int which, struct itimerval *value);
 extern void getnstimeofday(struct timespec *tv);
diff --git a/kernel/itimer.c b/kernel/itimer.c
index 379be2f8c84c..a2dc375927d8 100644
--- a/kernel/itimer.c
+++ b/kernel/itimer.c
@@ -226,6 +226,43 @@ again:
        return 0;
 }
+/**
+ * alarm_setitimer - set alarm in seconds
+ *
+ * @seconds:    number of seconds until alarm
+ *              0 disables the alarm
+ *
+ * Returns the remaining time in seconds of a pending timer or 0 when
+ * the timer is not active.
+ *
+ * On 32 bit machines the seconds value is limited to (INT_MAX/2) to avoid
+ * negative timeval settings which would cause immediate expiry.
+ */
+unsigned int alarm_setitimer(unsigned int seconds)
+{
+        struct itimerval it_new, it_old;
+#if BITS_PER_LONG < 64
+        if (seconds > INT_MAX)
+                seconds = INT_MAX;
+#endif
+        it_new.it_value.tv_sec = seconds;
+        it_new.it_value.tv_usec = 0;
+        it_new.it_interval.tv_sec = it_new.it_interval.tv_usec = 0;
+        do_setitimer(ITIMER_REAL, &it_new, &it_old);
+        /*
+         * We can't return 0 if we have an alarm pending ...  And we'd
+         * better return too much than too little anyway
+         */
+        if ((!it_old.it_value.tv_sec && it_old.it_value.tv_usec) ||
+              it_old.it_value.tv_usec >= 500000)
+                it_old.it_value.tv_sec++;
+        return it_old.it_value.tv_sec;
+}
 asmlinkage long sys_setitimer(int which,
                              struct itimerval __user *value,
                              struct itimerval __user *ovalue)
diff --git a/kernel/timer.c b/kernel/timer.c
index 17d956cebcb9..13fa72cac7d8 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -956,19 +956,7 @@ void do_timer(struct pt_regs *regs)
 */
 asmlinkage unsigned long sys_alarm(unsigned int seconds)
 {
-        struct itimerval it_new, it_old;
+        return alarm_setitimer(seconds);
-        unsigned int oldalarm;
-        it_new.it_interval.tv_sec = it_new.it_interval.tv_usec = 0;
-        it_new.it_value.tv_sec = seconds;
-        it_new.it_value.tv_usec = 0;
-        do_setitimer(ITIMER_REAL, &it_new, &it_old);
-        oldalarm = it_old.it_value.tv_sec;
-        /* ehhh.. We can't return 0 if we have an alarm pending.. */
-        /* And we'd better return too much than too little anyway */
-        if ((!oldalarm && it_old.it_value.tv_usec) || it_old.it_value.tv_usec >= 500000)
-                oldalarm++;
-        return oldalarm;
 }
 #endif
author	Thomas Gleixner <tglx@linutronix.de>	2006-03-25 06:06:33 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-03-25 11:22:48 -0500
commit	c08b8a49100715b20e6f7c997e992428b5e06078 (patch)
tree	014758fb05908a3d49eeadc77f16dfa7585b12ac
parent	185ae6d7a32721e9062030a9f2d24ed714fa45df (diff)