hrtimer: fix *rmtp/restarts handling in compat_sys_nanosleep()

Spotted by Pavel Emelyanov and Alexey Dobriyan. compat_sys_nanosleep() implicitly uses hrtimer_nanosleep_restart(), this can't work. Make a suitable compat_nanosleep_restart() helper. Introduced by commit c70878b4e0b6cf8d2f1e46319e48e821ef4a8aba hrtimer: hook compat_sys_nanosleep up to high res timer code Also, set ->addr_limit = KERNEL_DS before doing hrtimer_nanosleep(), this func was changed by the previous patch and now takes the "__user *" parameter. Thanks to Ingo Molnar for fixing the bug in this patch. Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Alexey Dobriyan <adobriyan@sw.ru> Cc: Pavel Emelyanov <xemul@sw.ru> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Toyo Abe <toyoa@mvista.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
author: Oleg Nesterov <oleg@tv-sign.ru> 2008-02-01 12:35:31 -0500
committer: Thomas Gleixner <tglx@linutronix.de> 2008-02-10 04:48:03 -0500
commit: 416529374b4793ba2d2e97e736d108a2e0f3ef07 (patch)
tree: 2523182bf1dd501aeef28a2c578d86b95cd90683
parent: 080344b98805553f9b01de0f59a41b1533036d8d (diff)
1 files changed, 40 insertions, 4 deletions
diff --git a/kernel/compat.c b/kernel/compat.c
index 42a1ed4b61b1..f2a297504287 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -40,10 +40,36 @@ int put_compat_timespec(const struct timespec *ts, struct compat_timespec __user
                        __put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;
 }
+static long compat_nanosleep_restart(struct restart_block *restart)
+{
+        struct compat_timespec __user *rmtp;
+        struct timespec rmt;
+        mm_segment_t oldfs;
+        long ret;
+        rmtp = (struct compat_timespec __user *)(restart->arg1);
+        restart->arg1 = (unsigned long)&rmt;
+        oldfs = get_fs();
+        set_fs(KERNEL_DS);
+        ret = hrtimer_nanosleep_restart(restart);
+        set_fs(oldfs);
+        if (ret) {
+                restart->fn = compat_nanosleep_restart;
+                restart->arg1 = (unsigned long)rmtp;
+                if (rmtp && put_compat_timespec(&rmt, rmtp))
+                        return -EFAULT;
+        }
+        return ret;
+}
 asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
                                     struct compat_timespec __user *rmtp)
 {
        struct timespec tu, rmt;
+        mm_segment_t oldfs;
        long ret;
        if (get_compat_timespec(&tu, rqtp))
@@ -52,11 +78,21 @@ asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
        if (!timespec_valid(&tu))
                return -EINVAL;
-        ret = hrtimer_nanosleep(&tu, rmtp ? &rmt : NULL, HRTIMER_MODE_REL,
+        oldfs = get_fs();
-                                CLOCK_MONOTONIC);
+        set_fs(KERNEL_DS);
+        ret = hrtimer_nanosleep(&tu,
+                                rmtp ? (struct timespec __user *)&rmt : NULL,
+                                HRTIMER_MODE_REL, CLOCK_MONOTONIC);
+        set_fs(oldfs);
+        if (ret) {
+                struct restart_block *restart
+                        = &current_thread_info()->restart_block;
+                restart->fn = compat_nanosleep_restart;
+                restart->arg1 = (unsigned long)rmtp;
-        if (ret && rmtp) {
+                if (rmtp && put_compat_timespec(&rmt, rmtp))
-                if (put_compat_timespec(&rmt, rmtp))
                        return -EFAULT;
        }
author	Oleg Nesterov <oleg@tv-sign.ru>	2008-02-01 12:35:31 -0500
committer	Thomas Gleixner <tglx@linutronix.de>	2008-02-10 04:48:03 -0500
commit	416529374b4793ba2d2e97e736d108a2e0f3ef07 (patch)
tree	2523182bf1dd501aeef28a2c578d86b95cd90683
parent	080344b98805553f9b01de0f59a41b1533036d8d (diff)

diff --git a/kernel/compat.c b/kernel/compat.c index 42a1ed4b61b1..f2a297504287 100644 --- a/kernel/compat.c +++ b/kernel/compat.c
@@ -40,10 +40,36 @@ int put_compat_timespec(const struct timespec *ts, struct compat_timespec __user
40	__put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;	40	__put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;
41	}	41	}
42		42
		43	static long compat_nanosleep_restart(struct restart_block *restart)
		44	{
		45	struct compat_timespec __user *rmtp;
		46	struct timespec rmt;
		47	mm_segment_t oldfs;
		48	long ret;
		49
		50	rmtp = (struct compat_timespec __user *)(restart->arg1);
		51	restart->arg1 = (unsigned long)&rmt;
		52	oldfs = get_fs();
		53	set_fs(KERNEL_DS);
		54	ret = hrtimer_nanosleep_restart(restart);
		55	set_fs(oldfs);
		56
		57	if (ret) {
		58	restart->fn = compat_nanosleep_restart;
		59	restart->arg1 = (unsigned long)rmtp;
		60
		61	if (rmtp && put_compat_timespec(&rmt, rmtp))
		62	return -EFAULT;
		63	}
		64
		65	return ret;
		66	}
		67
43	asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp,	68	asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
44	struct compat_timespec __user *rmtp)	69	struct compat_timespec __user *rmtp)
45	{	70	{
46	struct timespec tu, rmt;	71	struct timespec tu, rmt;
		72	mm_segment_t oldfs;
47	long ret;	73	long ret;
48		74
49	if (get_compat_timespec(&tu, rqtp))	75	if (get_compat_timespec(&tu, rqtp))
@@ -52,11 +78,21 @@ asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp,
52	if (!timespec_valid(&tu))	78	if (!timespec_valid(&tu))
53	return -EINVAL;	79	return -EINVAL;
54		80
55	ret = hrtimer_nanosleep(&tu, rmtp ? &rmt : NULL, HRTIMER_MODE_REL,	81	oldfs = get_fs();
56	CLOCK_MONOTONIC);	82	set_fs(KERNEL_DS);
		83	ret = hrtimer_nanosleep(&tu,
		84	rmtp ? (struct timespec __user *)&rmt : NULL,
		85	HRTIMER_MODE_REL, CLOCK_MONOTONIC);
		86	set_fs(oldfs);
		87
		88	if (ret) {
		89	struct restart_block *restart
		90	= &current_thread_info()->restart_block;
		91
		92	restart->fn = compat_nanosleep_restart;
		93	restart->arg1 = (unsigned long)rmtp;
57		94
58	if (ret && rmtp) {	95	if (rmtp && put_compat_timespec(&rmt, rmtp))
59	if (put_compat_timespec(&rmt, rmtp))
60	return -EFAULT;	96	return -EFAULT;
61	}	97	}
62		98