Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull timer fix from Thomas Gleixner:
"A single bugfix which prevents arbitrary sigev_notify values in
posix-timers"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
posix-timer: Properly check sigevent->sigev_notify

+17 -12
+17 -12
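--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -434,17 +434,22 @@
 {
 struct task_struct *rtn = current->group_leader;
 
-if ((event->sigev_notify & SIGEV_THREAD_ID ) &&
-(!(rtn = find_task_by_vpid(event->sigev_notify_thread_id)) ||
-!same_thread_group(rtn, current) ||
-(event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_SIGNAL))
+switch (event->sigev_notify) {
+case SIGEV_SIGNAL | SIGEV_THREAD_ID:
+rtn = find_task_by_vpid(event->sigev_notify_thread_id);
+if (!rtn || !same_thread_group(rtn, current))
+return NULL;
+/* FALLTHRU */
+case SIGEV_SIGNAL:
+case SIGEV_THREAD:
+if (event->sigev_signo <= 0 || event->sigev_signo > SIGRTMAX)
+return NULL;
+/* FALLTHRU */
+case SIGEV_NONE:
+return task_pid(rtn);
+default:
 return NULL;
-
-if (((event->sigev_notify & ~SIGEV_THREAD_ID) != SIGEV_NONE) &&
-((event->sigev_signo <= 0) || (event->sigev_signo > SIGRTMAX)))
-return NULL;
-
-return task_pid(rtn);
+}
 }
 
 static struct k_itimer * alloc_posix_timer(void)
@@ -669,7 +674,7 @@
 struct timespec64 ts64;
 bool sig_none;
 
-sig_none = (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE;
+sig_none = timr->it_sigev_notify == SIGEV_NONE;
 iv = timr->it_interval;
 
 /* interval timer ? */
@@ -856,7 +861,7 @@
 
 timr->it_interval = timespec64_to_ktime(new_setting->it_interval);
 expires = timespec64_to_ktime(new_setting->it_value);
-sigev_none = (timr->it_sigev_notify & ~SIGEV_THREAD_ID) == SIGEV_NONE;
+sigev_none = timr->it_sigev_notify == SIGEV_NONE;
 
 kc->timer_arm(timr, expires, flags & TIMER_ABSTIME, sigev_none);
 timr->it_active = !sigev_none;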
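Review bot: The new `switch` in the first hunk is a whitelist whose correctness depends on two deliberate fall-throughs, yet nothing above it states which `sigev_notify` values are accepted or that `SIGEV_THREAD_ID` is valid only when combined with `SIGEV_SIGNAL`; a short comment before the `switch` would keep a later edit from reopening the arbitrary-value path, e.g. `/* Accept only SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD and SIGEV_SIGNAL | SIGEV_THREAD_ID; everything else is rejected. */`. The exact comparisons `timr->it_sigev_notify == SIGEV_NONE` in the second and third hunks match the old masked test only if every stored value has passed this check, so it is worth confirming that no path outside the visible lines stores `it_sigev_notify` without going through it. `find_task_by_vpid()` is presumably called with the RCU read lock held by the caller; that precondition is not visible here and would also belong in the comment. The function's signature and the rest of the two later functions lie outside the hunks shown.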