diff options
| author | Thomas Gleixner <[email protected]> | 2008-12-20 20:27:34 +0000 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2008-12-20 22:13:45 +0000 |
| commit | 3d44cc3e01ee1b40317f79ed54324e25c4f848df (patch) | |
| tree | 99feb824dd6beda01bf11c56e412ff147bf24551 /net/unix/af_unix.c | |
| parent | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/eri... (diff) | |
| download | kernel-3d44cc3e01ee1b40317f79ed54324e25c4f848df.tar.gz kernel-3d44cc3e01ee1b40317f79ed54324e25c4f848df.zip | |
Null pointer deref with hrtimer_try_to_cancel()
Impact: Prevent kernel crash with posix timer clockid CLOCK_MONOTONIC_RAW
commit 2d42244ae71d6c7b0884b5664cf2eda30fb2ae68 (clocksource:
introduce CLOCK_MONOTONIC_RAW) introduced a new clockid, which is only
available to read out the raw not NTP adjusted system time.
The above commit did not prevent that a posix timer can be created
with that clockid. The timer_create() syscall succeeds and initializes
the timer to a non existing hrtimer base. When the timer is deleted
either by timer_delete() or by the exit() cleanup the kernel crashes.
Prevent the creation of timers for CLOCK_MONOTONIC_RAW by setting the
posix clock function to no_timer_create which returns an error code.
Reported-and-tested-by: Eric Sesterhenn <[email protected]>
Signed-off-by: Thomas Gleixner <[email protected]>
Acked-by: Oleg Nesterov <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'net/unix/af_unix.c')
0 files changed, 0 insertions, 0 deletions