linux/kernel
Thomas Gleixner 7d99b7d634 [PATCH] Validate and sanitze itimer timeval from userspace
According to the specification the timevals must be validated and an
errorcode -EINVAL returned in case the timevals are not in canonical form.
This check was never done in Linux.

The pre 2.6.16 code converted invalid timevals silently.  Negative timeouts
were converted by the timeval_to_jiffies conversion to the maximum timeout.

hrtimers and the ktime_t operations expect timevals in canonical form.
Otherwise random results might happen on 32 bits machines due to the
optimized ktime_add/sub operations.  Negative timeouts are treated as
already expired.  This might break applications which work on pre 2.6.16.

To prevent random behaviour and API breakage the timevals are checked and
invalid timevals sanitized in a simliar way as the pre 2.6.16 code did.

Invalid timevals are reported with a per boot limited number of kernel
messages so applications which use this misfeature can be corrected.

After a grace period of one year the sanitizing should be replaced by a
correct validation check.  This is also documented in
Documentation/feature-removal-schedule.txt

The validation and sanitizing is done inside do_setitimer so all callers
(sys_setitimer, compat_sys_setitimer, osf_setitimer) are catched.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-25 08:22:49 -08:00
..
irq [PATCH] kernel/: small cleanups 2006-01-08 20:13:48 -08:00
power [PATCH] sem2mutex: kernel/ 2006-03-23 07:38:10 -08:00
.gitignore gitignore: ignore more generated files 2006-01-03 11:35:26 +01:00
acct.c [PATCH] move capable() to capability.h 2006-01-11 18:42:13 -08:00
audit.c [PATCH] EDAC: atomic scrub operations 2006-01-18 19:20:30 -08:00
auditsc.c Merge ../powerpc-merge 2006-02-24 14:05:47 +11:00
capability.c [PATCH] move capable() to capability.h 2006-01-11 18:42:13 -08:00
compat.c [PATCH] remove bogus asm/bug.h includes. 2006-02-07 20:56:35 -05:00
configs.c update the email address of Randy Dunlap 2006-01-03 13:37:51 +01:00
cpu.c [PATCH] clean up lock_cpu_hotplug() in cpufreq 2005-11-28 14:42:23 -08:00
cpuset.c [PATCH] cpuset: remove useless local variable initialization 2006-03-24 07:33:24 -08:00
dma.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
exec_domain.c [PATCH] Fix module refcount leak in __set_personality() 2006-03-24 07:33:30 -08:00
exit.c [PATCH] sem2mutex: tty 2006-03-23 07:38:11 -08:00
extable.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fork.c [PATCH] cpuset memory spread slab cache optimizations 2006-03-24 07:33:23 -08:00
futex.c [PATCH] FRV: Make futex code compilable on nommu [try #2] 2006-01-06 08:33:33 -08:00
hrtimer.c [PATCH] fix next_timer_interrupt() for hrtimer 2006-03-06 18:40:44 -08:00
intermodule.c [PATCH] missing license tag in intermodule 2006-02-05 11:06:52 -08:00
itimer.c [PATCH] Validate and sanitze itimer timeval from userspace 2006-03-25 08:22:49 -08:00
kallsyms.c [PATCH] fix missing includes 2005-10-30 17:37:32 -08:00
Kconfig.hz [PATCH] i386: Selectable Frequency of the Timer Interrupt 2005-06-23 09:45:10 -07:00
Kconfig.preempt [PATCH] sched: voluntary kernel preemption 2005-06-25 16:24:45 -07:00
kexec.c [PATCH] move capable() to capability.h 2006-01-11 18:42:13 -08:00
kfifo.c [PATCH] gfp flags annotations - part 1 2005-10-08 15:00:57 -07:00
kmod.c [PATCH] Keys: Get rid of warning in kmod.c if keys disabled 2005-10-30 17:37:23 -08:00
kprobes.c [PATCH] sem2mutex: kprobes 2006-03-23 07:38:12 -08:00
ksysfs.c [PATCH] fix build error if CONFIG_SYSFS=n 2006-03-24 07:33:31 -08:00
kthread.c [PATCH] sem2mutex: kernel/ 2006-03-23 07:38:10 -08:00
Makefile [PATCH] relay: migrate from relayfs to a generic relay API 2006-03-23 19:56:55 +01:00
module.c [PATCH] strndup_user: convert module 2006-03-24 07:33:31 -08:00
mutex-debug.c [PATCH] fix/simplify mutex debugging code 2006-01-11 08:14:16 -08:00
mutex-debug.h [PATCH] mutex subsystem, debugging code 2006-01-09 15:59:20 -08:00
mutex.c [PATCH] mutex: trivial whitespace cleanups 2006-01-10 14:27:59 -08:00
mutex.h [PATCH] mutex subsystem, core 2006-01-09 15:59:19 -08:00
panic.c [PATCH] pause_on_oops command line option 2006-03-23 07:38:16 -08:00
params.c [PATCH] fix module sysfs files reference counting 2006-03-20 13:42:58 -08:00
pid.c [PATCH] RCU signal handling 2006-01-08 20:13:40 -08:00
posix-cpu-timers.c [PATCH] hrtimer: switch clock_nanosleep to hrtimer nanosleep API 2006-01-10 08:01:38 -08:00
posix-timers.c [PATCH] sem2mutex: kernel/ 2006-03-23 07:38:10 -08:00
printk.c [PATCH] console_setup() depends (wrongly?) on CONFIG_PRINTK 2006-03-24 07:33:27 -08:00
profile.c [PATCH] sem2mutex: kernel/ 2006-03-23 07:38:10 -08:00
ptrace.c [PATCH] fix zap_thread's ptrace related problems 2006-02-15 11:05:43 -08:00
rcupdate.c [PATCH] rcu_process_callbacks: don't cli() while testing ->nxtlist 2006-03-24 07:33:20 -08:00
rcutorture.c [PATCH] rcutorture: tag success/failure line with module parameters 2006-03-24 07:33:22 -08:00
relay.c [PATCH] relay: consolidate sendfile() and read() code 2006-03-23 19:58:45 +01:00
resource.c [PATCH] kernel/resource.c: __check_region(): remove pointless __deprecated 2006-01-10 08:02:02 -08:00
sched.c [PATCH] make bug messages more consistent 2006-03-23 07:38:16 -08:00
seccomp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
signal.c [PATCH] sigprocmask: kill unneeded temp var 2006-03-23 07:38:15 -08:00
softirq.c [PATCH] on_each_cpu(): disable local interrupts 2006-03-22 07:53:59 -08:00
softlockup.c [PATCH] timer irq driven soft watchdog fix 2006-03-25 08:22:48 -08:00
spinlock.c [PATCH] BUILD_LOCK_OPS: cleanup preempt_disable() usage 2006-03-23 07:38:16 -08:00
stop_machine.c [PATCH] Remove set_fs() in stop_machine() 2006-01-10 08:01:25 -08:00
sys_ni.c [PATCH] Fix compile for CONFIG_SYSVIPC=n or CONFIG_SYSCTL=n 2006-02-20 20:00:11 -08:00
sys.c [PATCH] RLIMIT_CPU: document wrong return value 2006-03-24 07:33:30 -08:00
sysctl.c [PATCH] Range checking in do_proc_dointvec_(userhz_)jiffies_conv 2006-03-24 07:33:20 -08:00
time.c [PATCH] Normalize timespec for negative values in ns_to_timespec 2006-02-03 08:32:06 -08:00
timer.c [PATCH] sys_alarm() unsigned signed conversion fixup 2006-03-25 08:22:48 -08:00
uid16.c [PATCH] move capable() to capability.h 2006-01-11 18:42:13 -08:00
user.c [PATCH] free_uid() locking improvement 2006-03-24 07:33:20 -08:00
wait.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
workqueue.c [SCSI] add execute_in_process_context() API 2006-02-27 23:34:40 -06:00