Module Name:    src
Committed By:   riastradh
Date:           Thu Dec 19 23:45:39 UTC 2024

Modified Files:
        src/sys/kern: sys_timerfd.c
        src/tests/lib/libc/sys: t_timerfd.c

Log Message:
timerfd_settime(2): Sanitize inputs like timer_settime(2).

PR kern/58914: timerfd_settime(2) is missing itimespecfix


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/sys/kern/sys_timerfd.c
cvs rdiff -u -r1.9 -r1.10 src/tests/lib/libc/sys/t_timerfd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/sys_timerfd.c
diff -u src/sys/kern/sys_timerfd.c:1.9 src/sys/kern/sys_timerfd.c:1.10
--- src/sys/kern/sys_timerfd.c:1.9	Wed Dec 18 16:01:28 2024
+++ src/sys/kern/sys_timerfd.c	Thu Dec 19 23:45:39 2024
@@ -1,4 +1,4 @@
-/*	$NetBSD: sys_timerfd.c,v 1.9 2024/12/18 16:01:28 riastradh Exp $	*/
+/*	$NetBSD: sys_timerfd.c,v 1.10 2024/12/19 23:45:39 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_timerfd.c,v 1.9 2024/12/18 16:01:28 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_timerfd.c,v 1.10 2024/12/19 23:45:39 riastradh Exp $");
 
 /*
  * timerfd
@@ -593,12 +593,17 @@ do_timerfd_settime(struct lwp *l, int fd
     const struct itimerspec *new_value, struct itimerspec *old_value,
     register_t *retval)
 {
+	struct itimerspec value = *new_value;
 	file_t *fp;
 	int error;
 
 	if (flags & ~(TFD_TIMER_ABSTIME | TFD_TIMER_CANCEL_ON_SET)) {
 		return EINVAL;
 	}
+	if (itimespecfix(&value.it_value) != 0 ||
+	    itimespecfix(&value.it_interval) != 0) {
+		return EINVAL;
+	}
 
 	if ((fp = fd_getfile(fd)) == NULL) {
 		return EBADF;
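Review bot: The new local copy `value` and the `itimespecfix()` calls have no comment explaining why `*new_value` is no longer stored directly. Because `new_value` is `const` and `itimespecfix()` takes a writable pointer, the copy presumably exists so the helper can adjust the fields. A short comment above the check would record that, for example `/* Validate (and possibly adjust) a private copy; never store *new_value unchecked -- PR kern/58914. */`. The test change in this commit says the unchecked interval values could crash the kernel, which is worth stating at the check itself. Every non-zero return from `itimespecfix()` is mapped to `EINVAL` here, so the comment should say so if the helper can return other codes; the function body continues outside the hunk.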
@@ -618,7 +623,7 @@ do_timerfd_settime(struct lwp *l, int fd
 	if (old_value != NULL) {
 		*old_value = it->it_time;
 	}
-	it->it_time = *new_value;
+	it->it_time = value;
 
 	/*
 	 * If we've been passed a relative value, convert it to an
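Review bot: After this change `new_value` still names the unsanitized input for the rest of `do_timerfd_settime()`, and only the one assignment visible here was switched to `value`. The function continues past the end of this hunk, where the relative-to-absolute conversion begins, so any later read of `new_value->it_value` or `new_value->it_interval` would bypass the `itimespecfix()` check. It is worth confirming that the remaining code reads only `it->it_time` or `value`. A one-line comment at the assignment, such as `/* value has been checked by itimespecfix(); do not use new_value below */`, would keep later edits from reintroducing the raw pointer.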

Index: src/tests/lib/libc/sys/t_timerfd.c
diff -u src/tests/lib/libc/sys/t_timerfd.c:1.9 src/tests/lib/libc/sys/t_timerfd.c:1.10
--- src/tests/lib/libc/sys/t_timerfd.c:1.9	Thu Dec 19 20:11:03 2024
+++ src/tests/lib/libc/sys/t_timerfd.c	Thu Dec 19 23:45:39 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: t_timerfd.c,v 1.9 2024/12/19 20:11:03 riastradh Exp $ */
+/* $NetBSD: t_timerfd.c,v 1.10 2024/12/19 23:45:39 riastradh Exp $ */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -29,7 +29,7 @@
 #include <sys/cdefs.h>
 __COPYRIGHT("@(#) Copyright (c) 2020\
  The NetBSD Foundation, inc. All rights reserved.");
-__RCSID("$NetBSD: t_timerfd.c,v 1.9 2024/12/19 20:11:03 riastradh Exp $");
+__RCSID("$NetBSD: t_timerfd.c,v 1.10 2024/12/19 23:45:39 riastradh Exp $");
 
 #include <sys/types.h>
 
@@ -216,19 +216,9 @@ ATF_TC_BODY(timerfd_invalidtime, tc)
 	RL(clock_gettime(CLOCK_MONOTONIC, &now));
 	RL(fd = timerfd_create(CLOCK_MONOTONIC, TFD_NONBLOCK));
 
-	atf_tc_expect_fail("PR kern/58914:"
-	    " timerfd_settime(2) is missing itimespecfix");
 	for (i = 0; i < __arraycount(einval_its); i++) {
 		struct itimerspec its;
 
-		if (einval_its[i].it_interval.tv_sec < 0 ||
-		    einval_its[i].it_interval.tv_nsec < 0 ||
-		    einval_its[i].it_interval.tv_nsec >= 1000000000) {
-			/* Avoid crashing the kernel for now, PR 58914. */
-			fprintf(stderr, "skip %u\n", i);
-			continue;
-		}
-
 		fprintf(stderr, "case %u\n", i);
 
 		ATF_CHECK_ERRNO(EINVAL,
