[PATCH] Check and validate futex timeval



The futex timeval is not checked for correctness. The change does not
break existing applications as the timeval is supplied by glibc (and
glibc always passes a correct value), but the glibc-internal tests for
this functionality fail.

Signed-off-by: Thomas Gleixner <tglx@xxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>

----

kernel/futex.c | 4 +++-
kernel/futex_compat.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)

Index: linux/kernel/futex.c
===================================================================
--- linux.orig/kernel/futex.c
+++ linux/kernel/futex.c
@@ -1039,9 +1039,11 @@ asmlinkage long sys_futex(u32 __user *ua
unsigned long timeout = MAX_SCHEDULE_TIMEOUT;
int val2 = 0;

- if ((op == FUTEX_WAIT) && utime) {
+ if (utime && (op == FUTEX_WAIT)) {
if (copy_from_user(&t, utime, sizeof(t)) != 0)
return -EFAULT;
+ if (!timespec_valid(&t))
+ return -EINVAL;
timeout = timespec_to_jiffies(&t) + 1;
}
/*
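Review bot: The new `timespec_valid()` check in the `FUTEX_WAIT` branch has no comment explaining why it is there, even though `t` is filled by `copy_from_user()` and is therefore caller-controlled. I would add `/* utime is user-supplied: reject a malformed timespec before it reaches timespec_to_jiffies() */` above the check, so that the copy, validate, convert order is not rearranged by a later cleanup. The `-EINVAL` return is a user-visible change for any caller that previously passed a malformed value; the description acknowledges this, and it probably belongs in the syscall documentation too. The same comment applies to the identical check in kernel/futex_compat.c. The body of sys_futex starts and ends outside the hunk.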
Index: linux/kernel/futex_compat.c
===================================================================
--- linux.orig/kernel/futex_compat.c
+++ linux/kernel/futex_compat.c
@@ -129,9 +129,11 @@ asmlinkage long compat_sys_futex(u32 __u
unsigned long timeout = MAX_SCHEDULE_TIMEOUT;
int val2 = 0;

- if ((op == FUTEX_WAIT) && utime) {
+ if (utime && (op == FUTEX_WAIT)) {
if (get_compat_timespec(&t, utime))
return -EFAULT;
+ if (!timespec_valid(&t))
+ return -EINVAL;
timeout = timespec_to_jiffies(&t) + 1;
}
if (op >= FUTEX_REQUEUE)
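Review bot: The validate-then-convert lines in this branch are now a verbatim copy of the ones in kernel/futex.c, differing only in how `t` is fetched (`get_compat_timespec()` here, `copy_from_user()` there). Native and compat entry points that duplicate input checks tend to drift, and a later fix applied to only one of them would leave the other path accepting values the first rejects. Consider moving the `timespec_valid()` test and the `timespec_to_jiffies(&t) + 1` conversion into one shared helper that takes the already-copied `struct timespec *` and reports `-EINVAL` on a bad value. The body of compat_sys_futex starts and ends outside the hunk.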

