diff options
author | Thomas Gleixner <tglx@linutronix.de> | 2006-03-31 05:31:32 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-31 15:18:59 -0500 |
commit | 9741ef964dc8bfeb6520825df9fed8f538c3336e (patch) | |
tree | 6cc09d6b10a9ea9119a3a73e226300d747008bfe /kernel | |
parent | d425b274ba83ba4e7746a40446ec0ba3267de51f (diff) |
[PATCH] futex: check and validate timevals
The futex timeval is not checked for correctness. The change does not
break existing applications as the timeval is supplied by glibc (and glibc
always passes a correct value), but the glibc-internal tests for this
functionality fail.
Signed-off-by: Thomas Gleixner <tglx@tglx.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/futex.c | 4 | ||||
-rw-r--r-- | kernel/futex_compat.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/kernel/futex.c b/kernel/futex.c index 9c9b2b6b22dd..5699c512057b 100644 --- a/kernel/futex.c +++ b/kernel/futex.c | |||
@@ -1039,9 +1039,11 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, int val, | |||
1039 | unsigned long timeout = MAX_SCHEDULE_TIMEOUT; | 1039 | unsigned long timeout = MAX_SCHEDULE_TIMEOUT; |
1040 | int val2 = 0; | 1040 | int val2 = 0; |
1041 | 1041 | ||
1042 | if ((op == FUTEX_WAIT) && utime) { | 1042 | if (utime && (op == FUTEX_WAIT)) { |
1043 | if (copy_from_user(&t, utime, sizeof(t)) != 0) | 1043 | if (copy_from_user(&t, utime, sizeof(t)) != 0) |
1044 | return -EFAULT; | 1044 | return -EFAULT; |
1045 | if (!timespec_valid(&t)) | ||
1046 | return -EINVAL; | ||
1045 | timeout = timespec_to_jiffies(&t) + 1; | 1047 | timeout = timespec_to_jiffies(&t) + 1; |
1046 | } | 1048 | } |
1047 | /* | 1049 | /* |
diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index 54274fc85321..1ab6a0ea3d14 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c | |||
@@ -129,9 +129,11 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val, | |||
129 | unsigned long timeout = MAX_SCHEDULE_TIMEOUT; | 129 | unsigned long timeout = MAX_SCHEDULE_TIMEOUT; |
130 | int val2 = 0; | 130 | int val2 = 0; |
131 | 131 | ||
132 | if ((op == FUTEX_WAIT) && utime) { | 132 | if (utime && (op == FUTEX_WAIT)) { |
133 | if (get_compat_timespec(&t, utime)) | 133 | if (get_compat_timespec(&t, utime)) |
134 | return -EFAULT; | 134 | return -EFAULT; |
135 | if (!timespec_valid(&t)) | ||
136 | return -EINVAL; | ||
135 | timeout = timespec_to_jiffies(&t) + 1; | 137 | timeout = timespec_to_jiffies(&t) + 1; |
136 | } | 138 | } |
137 | if (op >= FUTEX_REQUEUE) | 139 | if (op >= FUTEX_REQUEUE) |