itimer: Schedule silent NULL pointer fixup in setitimer() for removal
Sasikantha babu [Wed, 18 Apr 2012 14:33:40 +0000 (19:33 +0530)]
setitimer() should return -EFAULT if called with an invalid pointer
for value. The current code excludes a NULL pointer from this rule and
silently uses it to stop the timer. This violates the spec.

Warn about user space apps which rely on that feature and schedule it
for removal.

[ tglx: Massaged changelog, warn message and Doc entry ]

Signed-off-by: Sasikantha babu <sasikanth.v19@gmail.com>
Link: http://lkml.kernel.org/r/1332340854-26053-1-git-send-email-sasikanth.v19@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

Conflicts:

Documentation/feature-removal-schedule.txt

Change-Id: Id0920441c09d32cf8375e58afb955add51325df9

Documentation/feature-removal-schedule.txt
kernel/itimer.c

index 709e08e..f298755 100644 (file)
@@ -524,10 +524,8 @@ Who:       Cong Wang <amwang@redhat.com>
 
 ----------------------------
 
-What:  get_robust_list syscall
-When:  2013
-Why:   There appear to be no production users of the get_robust_list syscall,
-       and it runs the risk of leaking address locations, allowing the bypass
-       of ASLR. It was only ever intended for debugging, so it should be
-       removed.
-Who:   Kees Cook <keescook@chromium.org>
+What:  setitimer accepts user NULL pointer (value)
+When:  3.6
+Why:   setitimer is not returning -EFAULT if user pointer is NULL. This
+       violates the spec.
+Who:   Sasikantha Babu <sasikanth.v19@gmail.com>
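Review bot: The removal of the get_robust_list entry in this hunk is not covered by the changelog, which only describes scheduling the setitimer NULL fixup for removal, and the "Conflicts:" line naming Documentation/feature-removal-schedule.txt suggests the entry was lost during conflict resolution. That entry records an ASLR-bypass concern with a 2013 date and a named owner, so unless it is being retired on purpose, keep it and add the setitimer entry as a separate block after its own "----------------------------" separator. If dropping it is intended, the commit message should say so.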
index 22000c3..c70369a 100644 (file)
@@ -284,8 +284,11 @@ SYSCALL_DEFINE3(setitimer, int, which, struct itimerval __user *, value,
        if (value) {
                if(copy_from_user(&set_buffer, value, sizeof(set_buffer)))
                        return -EFAULT;
-       } else
+       } else {
                memset((char *) &set_buffer, 0, sizeof(set_buffer));
+               WARN_ONCE(1, "setitimer: new_value pointer is NULL."
+                         " Misfeature support will be removed\n");
+       }
 
        error = do_setitimer(which, &set_buffer, ovalue ? &get_buffer : NULL);
        if (error || !ovalue)
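Review bot: In the new else branch, WARN_ONCE(1, ...) is reached purely from a user-supplied argument (value == NULL), so any caller can put a kernel warning with a backtrace into the log, and because it fires only once, the first offender is the only one reported while every later application relying on the NULL behaviour stays silent. That works against the changelog's goal of warning about user space apps that depend on the feature; a rate-limited printk that names the calling task (for example via current->comm) would serve it better. The message text also says "new_value pointer" while the syscall parameter and the Documentation entry both call it value; use one name so the log line can be matched to the API.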