itimer: Schedule silent NULL pointer fixup in setitimer() for removal
author Sasikantha babu <sasikanth.v19@gmail.com>
Wed, 21 Mar 2012 14:40:54 +0000 (20:10 +0530)
committer Thomas Gleixner <tglx@linutronix.de>
Fri, 30 Mar 2012 13:43:33 +0000 (15:43 +0200)
setitimer() should return -EFAULT if called with an invalid pointer
for value. The current code excludes a NULL pointer from this rule and
silently uses it to stop the timer. This violates the spec.

Warn about user space apps which rely on that feature and schedule it
for removal.

[ tglx: Massaged changelog, warn message and Doc entry ]

Signed-off-by: Sasikantha babu <sasikanth.v19@gmail.com>
Link: http://lkml.kernel.org/r/1332340854-26053-1-git-send-email-sasikanth.v19@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Documentation/feature-removal-schedule.txt
kernel/itimer.c

index 0cad4803ffacd2c021f33407f21e9ead735c9bac..32fae81228f274e4f56ee5a53c11fc7e797fc5fa 100644 (file)
@@ -529,3 +529,11 @@ When:      3.5
 Why:   The old kmap_atomic() with two arguments is deprecated, we only
        keep it for backward compatibility for few cycles and then drop it.
 Who:   Cong Wang <amwang@redhat.com>
+
+----------------------------
+
+What:  setitimer accepts user NULL pointer (value)
+When:  3.6
+Why:   setitimer is not returning -EFAULT if user pointer is NULL. This
+       violates the spec.
+Who:   Sasikantha Babu <sasikanth.v19@gmail.com>
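Review bot: The What: line calls the argument "value", while the warning added in kernel/itimer.c calls it "new_value"; use one name in both places so that someone who sees the warning in the log can find this entry by searching for it. The entry also does not say what happens after 3.6: the Why: text could state that a NULL value will then return -EFAULT, and that callers who want to stop the timer should pass a zeroed struct itimerval, which is what the current NULL path substitutes via memset().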
index 22000c3db0dd53e28b01fc05a302316e02d1d221..c70369a74b5a59c52876b57c62e3207a2d4943b9 100644 (file)
@@ -284,8 +284,11 @@ SYSCALL_DEFINE3(setitimer, int, which, struct itimerval __user *, value,
        if (value) {
                if(copy_from_user(&set_buffer, value, sizeof(set_buffer)))
                        return -EFAULT;
-       } else
+       } else {
                memset((char *) &set_buffer, 0, sizeof(set_buffer));
+               WARN_ONCE(1, "setitimer: new_value pointer is NULL."
+                         " Misfeature support will be removed\n");
+       }
 
        error = do_setitimer(which, &set_buffer, ovalue ? &get_buffer : NULL);
        if (error || !ovalue)
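Review bot: In the new else branch, WARN_ONCE(1, ...) fires on a condition the caller fully controls by passing value == NULL, so any user-space program can make the kernel emit a stack dump, and that dump shows the syscall path rather than anything that identifies the program. Since the changelog says the goal is to warn about applications that rely on this, a printk_once(KERN_WARNING ...) that prints current->comm would name the application that needs fixing without the backtrace. Either way only the first caller is reported, which is worth stating in the changelog, and the message string is better kept on one line so it can be grepped from a log.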