diff options
| author | Thomas Gleixner <tglx@linutronix.de> | 2006-03-25 06:06:35 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 11:22:49 -0500 |
| commit | 7d99b7d634d81bb372e03e4561c80430aa4cfac2 (patch) | |
| tree | 905654bd7cb4940126606cf212c61079eeca722b /Documentation | |
| parent | c08b8a49100715b20e6f7c997e992428b5e06078 (diff) | |
[PATCH] Validate and sanitze itimer timeval from userspace
According to the specification the timevals must be validated and an
errorcode -EINVAL returned in case the timevals are not in canonical form.
This check was never done in Linux.
The pre 2.6.16 code converted invalid timevals silently. Negative timeouts
were converted by the timeval_to_jiffies conversion to the maximum timeout.
hrtimers and the ktime_t operations expect timevals in canonical form.
Otherwise random results might happen on 32 bits machines due to the
optimized ktime_add/sub operations. Negative timeouts are treated as
already expired. This might break applications which work on pre 2.6.16.
To prevent random behaviour and API breakage the timevals are checked and
invalid timevals sanitized in a simliar way as the pre 2.6.16 code did.
Invalid timevals are reported with a per boot limited number of kernel
messages so applications which use this misfeature can be corrected.
After a grace period of one year the sanitizing should be replaced by a
correct validation check. This is also documented in
Documentation/feature-removal-schedule.txt
The validation and sanitizing is done inside do_setitimer so all callers
(sys_setitimer, compat_sys_setitimer, osf_setitimer) are catched.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/feature-removal-schedule.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt index 21272e4b4a5c..495858b236b6 100644 --- a/Documentation/feature-removal-schedule.txt +++ b/Documentation/feature-removal-schedule.txt | |||
| @@ -176,6 +176,18 @@ Who: Richard Knutsson <ricknu-0@student.ltu.se> and Greg Kroah-Hartman <gregkh@s | |||
| 176 | 176 | ||
| 177 | --------------------------- | 177 | --------------------------- |
| 178 | 178 | ||
| 179 | What: Usage of invalid timevals in setitimer | ||
| 180 | When: March 2007 | ||
| 181 | Why: POSIX requires to validate timevals in the setitimer call. This | ||
| 182 | was never done by Linux. The invalid (e.g. negative timevals) were | ||
| 183 | silently converted to more or less random timeouts and intervals. | ||
| 184 | Until the removal a per boot limited number of warnings is printed | ||
| 185 | and the timevals are sanitized. | ||
| 186 | |||
| 187 | Who: Thomas Gleixner <tglx@linutronix.de> | ||
| 188 | |||
| 189 | --------------------------- | ||
| 190 | |||
| 179 | What: I2C interface of the it87 driver | 191 | What: I2C interface of the it87 driver |
| 180 | When: January 2007 | 192 | When: January 2007 |
| 181 | Why: The ISA interface is faster and should be always available. The I2C | 193 | Why: The ISA interface is faster and should be always available. The I2C |