posix-timer: Don't call idr_find() with out-of-range ID
diff --git
a/kernel/posix-timers.c
b/kernel/posix-timers.c
index
69185ae
..
7edfe4b
100644
(file)
--- a/
kernel/posix-timers.c
+++ b/
kernel/posix-timers.c
@@
-639,6
+639,13
@@
static struct k_itimer *__lock_timer(timer_t timer_id, unsigned long *flags)
{
struct k_itimer *timr;
{
struct k_itimer *timr;
+ /*
+ * timer_t could be any type >= int and we want to make sure any
+ * @timer_id outside positive int range fails lookup.
+ */
+ if ((unsigned long long)timer_id > INT_MAX)
+ return NULL;
+
rcu_read_lock();
timr = idr_find(&posix_timers_id, (int)timer_id);
if (timr) {
rcu_read_lock();
timr = idr_find(&posix_timers_id, (int)timer_id);
if (timr) {
@@
-997,7
+1004,7
@@
SYSCALL_DEFINE2(clock_adjtime, const clockid_t, which_clock,
err = kc->clock_adj(which_clock, &ktx);
err = kc->clock_adj(which_clock, &ktx);
- if (
!err
&& copy_to_user(utx, &ktx, sizeof(ktx)))
+ if (
err >= 0
&& copy_to_user(utx, &ktx, sizeof(ktx)))
return -EFAULT;
return err;
return -EFAULT;
return err;
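Review bot: The comment added above the range check in `__lock_timer` says that out-of-range ids must fail lookup, but it does not say how a negative id is caught, and that is the case the `(int)timer_id` cast passed to `idr_find()` would otherwise hide. Assuming `timer_t` is a signed type (its definition is not visible here), the cast to `unsigned long long` turns a negative id into a value above `INT_MAX`, so the one comparison rejects both ends; I would add a line such as `* The unsigned cast maps negative ids above INT_MAX, so one compare covers both.` to that comment. The early return sits before `rcu_read_lock()`, so it leaves no read-side section open; the rest of the function body lies outside the hunk. In the `clock_adjtime` hunk, the switch from `!err` to `err >= 0` would likewise read better with a short comment such as `/* non-negative return is success; copy the result back */`, since the meaning of a positive return from `clock_adj` is not visible here.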