1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-26 18:43:33 -05:00
linux/kernel/time
Thomas Gleixner cef31d9af9 posix-timer: Properly check sigevent->sigev_notify
timer_create() specifies via sigevent->sigev_notify the signal delivery for
the new timer. The valid modes are SIGEV_NONE, SIGEV_SIGNAL, SIGEV_THREAD
and (SIGEV_SIGNAL | SIGEV_THREAD_ID).

The sanity check in good_sigevent() is only checking the valid combination
for the SIGEV_THREAD_ID bit, i.e. SIGEV_SIGNAL, but if SIGEV_THREAD_ID is
not set it accepts any random value.

This has no real effects on the posix timer and signal delivery code, but
it affects show_timer() which handles the output of /proc/$PID/timers. That
function uses a string array to pretty print sigev_notify. The access to
that array has no bound checks, so random sigev_notify cause access beyond
the array bounds.

Add proper checks for the valid notify modes and remove the SIGEV_THREAD_ID
masking from various code pathes as SIGEV_NONE can never be set in
combination with SIGEV_THREAD_ID.

Reported-by: Eric Biggers <ebiggers3@gmail.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Cc: stable@vger.kernel.org
2017-12-15 11:08:40 +01:00
..
alarmtimer.c alarmtimer: Ensure RTC module is not unloaded 2017-08-31 21:36:45 +02:00
clockevents.c clockevents: Retry programming min delta up to 10 times 2017-10-19 16:29:15 +02:00
clocksource.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
hrtimer.c timers/hrtimer: Use lockdep to assert IRQs are disabled/enabled 2017-11-08 11:13:49 +01:00
itimer.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
jiffies.c
Kconfig timekeeping: Remove CONFIG_GENERIC_TIME_VSYSCALL_OLD 2017-11-14 11:20:25 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ntp.c Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
ntp_internal.h Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
posix-clock.c
posix-cpu-timers.c timers/posix-cpu-timers: Use lockdep to assert IRQs are disabled/enabled 2017-11-08 11:13:54 +01:00
posix-stubs.c posix-stubs: Use get_timespec64() and put_timespec64() 2017-10-17 17:22:27 +02:00
posix-timers.c posix-timer: Properly check sigevent->sigev_notify 2017-12-15 11:08:40 +01:00
posix-timers.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sched_clock.c
test_udelay.c
tick-broadcast-hrtimer.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tick-broadcast.c
tick-common.c
tick-internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tick-oneshot.c clockevents: Update clockevents device next_event on stop 2017-11-01 18:20:17 +01:00
tick-sched.c Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 13:37:52 -08:00
tick-sched.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
time.c Merge branch 'fortglx/4.15/time' of https://git.linaro.org/people/john.stultz/linux into timers/core 2017-10-31 23:17:28 +01:00
timeconst.bc
timeconv.c
timecounter.c
timekeeping.c timekeeping: Remove CONFIG_GENERIC_TIME_VSYSCALL_OLD 2017-11-14 11:20:25 +01:00
timekeeping.h Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
timekeeping_debug.c PM / timekeeping: Print debug messages when requested 2017-07-23 00:03:43 +02:00
timekeeping_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
timer.c timer: Pass function down to initialization routines 2017-11-21 15:57:14 -08:00
timer_list.c timer/debug: Change /proc/timer_list from 0444 to 0400 2017-11-13 16:04:06 +01:00