author Sasikantha babu <sasikanth.v19@gmail.com> 2012-03-21 20:10:54 +0530
committer Thomas Gleixner <tglx@linutronix.de> 2012-03-30 15:43:33 +0200
commit aa2bf9bc6414b6972b9e51903c1ce7b1f057aee2 (patch)
tree 71bde0e8c10be9e425a5bba631a0fe033ba2245f
parent f52b69f86e27903d6896ed5fa7cd280fec8de532 (diff)
itimer: Schedule silent NULL pointer fixup in setitimer() for removal
setitimer() should return -EFAULT if called with an invalid pointer for value. The current code excludes a NULL pointer from this rule and silently uses it to stop the timer. This violates the spec.

Warn about user space apps which rely on that feature and schedule it for removal.

[ tglx: Massaged changelog, warn message and Doc entry ]

Signed-off-by: Sasikantha babu <sasikanth.v19@gmail.com>
Link: http://lkml.kernel.org/r/1332340854-26053-1-git-send-email-sasikanth.v19@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-rw-r--r-- Documentation/feature-removal-schedule.txt 8
-rw-r--r-- kernel/itimer.c 5
2 files changed, 12 insertions, 1 deletions
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index 0cad4803ffac..32fae81228f2 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -529,3 +529,11 @@ When: 3.5
Why: The old kmap_atomic() with two arguments is deprecated, we only
keep it for backward compatibility for few cycles and then drop it.
Who: Cong Wang <amwang@redhat.com>
+
+----------------------------
+
+What: setitimer accepts user NULL pointer (value)
+When: 3.6
+Why: setitimer is not returning -EFAULT if user pointer is NULL. This
+ violates the spec.
+Who: Sasikantha Babu <sasikanth.v19@gmail.com>
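Review bot: The What line of the new entry names the argument "value", while the warning text added in kernel/itimer.c calls it "new_value"; use one name in both places so that someone searching from the log message lands on this entry. The Why text also states only the spec violation. Since the NULL case currently zeroes the buffer to stop the timer, the entry should tell affected applications to pass a zeroed struct itimerval instead, so they know the replacement before 3.6.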
diff --git a/kernel/itimer.c b/kernel/itimer.c
index 22000c3db0dd..c70369a74b5a 100644
--- a/kernel/itimer.c
+++ b/kernel/itimer.c
@@ -284,8 +284,11 @@ SYSCALL_DEFINE3(setitimer, int, which, struct itimerval __user *, value,
if (value) {
if(copy_from_user(&set_buffer, value, sizeof(set_buffer)))
return -EFAULT;
- } else
+ } else {
memset((char *) &set_buffer, 0, sizeof(set_buffer));
+ WARN_ONCE(1, "setitimer: new_value pointer is NULL."
+ " Misfeature support will be removed\n");
+ }
error = do_setitimer(which, &set_buffer, ovalue ? &get_buffer : NULL);
if (error || !ovalue)
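Review bot: WARN_ONCE(1, ...) in the new else branch fires on a condition the caller fully controls (value == NULL), so any unprivileged process can put a warning backtrace in the kernel log, and the message does not identify the task that triggered it. Since the stated goal is to find applications relying on this, consider a once-only printk that includes current->comm instead of a WARN with a constant-true condition. Note also that because it fires only once per boot, a second offending program is never reported. Finally, the message says "new_value" while the parameter in SYSCALL_DEFINE3 is named "value".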