[PATCH 1/1] setitimer : Return -EFAULT if the user pointer "value" is NULL
From: Sasikantha babu
Date: Wed Mar 21 2012 - 10:39:06 EST
Added WARN_ONCE() in the else path and scheduled the removal of this "feature" for v3.6.
Signed-off-by: Sasikantha babu <sasikanth.v19@xxxxxxxxx>
---
Documentation/feature-removal-schedule.txt | 9 +++++++++
kernel/itimer.c | 5 ++++-
2 files changed, 13 insertions(+), 1 deletions(-)
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index d5dc80f..d943987 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -535,3 +535,12 @@ Why: This driver provides support for USB storage devices like "USB
(CONFIG_USB_STORAGE) which only drawback is the additional SCSI
stack.
Who: Sebastian Andrzej Siewior <sebastian@xxxxxxxxxxxxx>
+
+----------------------------
+
+What: setitimer accepts user's NULL pointer - interval timer pointer
+When: 3.6
+Why: setitimer is not returning -EFAULT if user point is NULL. If user passes
+ "struct itimerval *value" as NULL instead of returning -EFAULT it
+ sets value of an interval timer to 0 secs and 0 micro secs.
+Who: Sasikantha Babu <sasikanth.v19@xxxxxxxxx>
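Review bot: The new Why: paragraph only describes today's behaviour (a NULL "struct itimerval *value" sets the timer to 0 secs and 0 micro secs) and never says what callers get once the feature is removed. Suggest stating that from 3.6 a NULL value will return -EFAULT, which is what the patch subject promises, so readers of the schedule know what to fix in their callers. In the same paragraph "user point" should read "user pointer", and the What: line would be clearer as "setitimer accepts a NULL value pointer".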
diff --git a/kernel/itimer.c b/kernel/itimer.c
index 22000c3..10f3cfb 100644
--- a/kernel/itimer.c
+++ b/kernel/itimer.c
@@ -284,8 +284,11 @@ SYSCALL_DEFINE3(setitimer, int, which, struct itimerval __user *, value,
if (value) {
if(copy_from_user(&set_buffer, value, sizeof(set_buffer)))
return -EFAULT;
- } else
+ } else {
memset((char *) &set_buffer, 0, sizeof(set_buffer));
+ WARN_ONCE (!value, "setitimer: Support for handling NULL user pointer "
+ " will be removed");
+ }
error = do_setitimer(which, &set_buffer, ovalue ? &get_buffer : NULL);
if (error || !ovalue)
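Review bot: In the new else branch, WARN_ONCE (!value, ...) tests a condition that is always true at that point, because the branch is only reached when value is NULL; WARN_ONCE(1, ...) expresses the same thing without suggesting a real check. The two string pieces concatenate to "pointer  will be removed" with a doubled space and no trailing "\n", and there is a stray space before the opening parenthesis. The subject line says the call returns -EFAULT, but this hunk still zeroes set_buffer and carries on into do_setitimer(), so the subject or changelog should say that the patch only warns for now and that the return-value change is deferred to the scheduled removal.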
--
1.7.3.4