1. 14 6月, 2017 1 次提交
  2. 13 6月, 2017 2 次提交
    • T
      posix-timers: Handle relative posix-timers correctly · 67edab48
      Thomas Gleixner 提交于
      The recent rework of the posix timer internals broke the magic posix
      mechanism, which requires that relative timers are not affected by
      modifications of the underlying clock. That means relative CLOCK_REALTIME
      timers cannot use CLOCK_REALTIME, because that can be set and adjusted. The
      underlying hrtimer switches the clock for these timers to CLOCK_MONOTONIC.
      
      That still works, but reading the remaining time of such a timer has been
      broken in the rework. The old code used the hrtimer internals directly and
      avoided the posix clock callbacks. Now common_timer_get() uses the
      underlying kclock->timer_get() callback, which is still CLOCK_REALTIME
      based. So the remaining time of such a timer is calculated against the
      wrong time base.
      
      Handle it by switching the k_itimer->kclock pointer according to the
      resulting hrtimer mode. k_itimer->it_clock still contains CLOCK_REALTIME
      because the timer might be set with ABSTIME later and then it needs to
      switch back to the realtime posix clock implementation.
      
      Fixes: eae1c4ae ("posix-timers: Make use of cancel/arm callbacks")
      Reported-by: NAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Link: http://lkml.kernel.org/r/20170609201156.GB21491@outlook.office365.com
      67edab48
    • T
      posix-timers: Zero out oldval itimerspec · 5c7a3a3d
      Thomas Gleixner 提交于
      The recent posix timer rework moved the clearing of the itimerspec to the
      real syscall implementation, but forgot that the kclock->timer_get() is
      used by timer_settime() as well. That results in an uninitialized variable
      and bogus values returned to user space.
      
      Add the missing memset to timer_settime().
      
      Fixes: eabdec04 ("posix-timers: Zero settings value in common code")
      Reported-by: NAndrei Vagin <avagin@virtuozzo.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: John Stultz <john.stultz@linaro.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Link: http://lkml.kernel.org/r/20170609201156.GB21491@outlook.office365.com
      5c7a3a3d
  3. 12 6月, 2017 1 次提交
  4. 04 6月, 2017 13 次提交
  5. 27 5月, 2017 1 次提交
  6. 15 4月, 2017 6 次提交
  7. 02 3月, 2017 1 次提交
  8. 26 12月, 2016 2 次提交
    • T
      ktime: Cleanup ktime_set() usage · 8b0e1953
      Thomas Gleixner 提交于
      ktime_set(S,N) was required for the timespec storage type and is still
      useful for situations where a Seconds and Nanoseconds part of a time value
      needs to be converted. For anything where the Seconds argument is 0, this
      is pointless and can be replaced with a simple assignment.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      8b0e1953
    • T
      ktime: Get rid of the union · 2456e855
      Thomas Gleixner 提交于
      ktime is a union because the initial implementation stored the time in
      scalar nanoseconds on 64 bit machine and in a endianess optimized timespec
      variant for 32bit machines. The Y2038 cleanup removed the timespec variant
      and switched everything to scalar nanoseconds. The union remained, but
      become completely pointless.
      
      Get rid of the union and just keep ktime_t as simple typedef of type s64.
      
      The conversion was done with coccinelle and some manual mopping up.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      2456e855
  9. 25 12月, 2016 1 次提交
  10. 17 1月, 2016 1 次提交
  11. 22 4月, 2015 1 次提交
  12. 25 10月, 2014 1 次提交
    • M
      posix-timers: Fix stack info leak in timer_create() · 6891c450
      Mathias Krause 提交于
      If userland creates a timer without specifying a sigevent info, we'll
      create one ourself, using a stack local variable. Particularly will we
      use the timer ID as sival_int. But as sigev_value is a union containing
      a pointer and an int, that assignment will only partially initialize
      sigev_value on systems where the size of a pointer is bigger than the
      size of an int. On such systems we'll copy the uninitialized stack bytes
      from the timer_create() call to userland when the timer actually fires
      and we're going to deliver the signal.
      
      Initialize sigev_value with 0 to plug the stack info leak.
      
      Found in the PaX patch, written by the PaX Team.
      
      Fixes: 5a9fa730 ("posix-timers: kill ->it_sigev_signo and...")
      Signed-off-by: NMathias Krause <minipli@googlemail.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Brad Spengler <spender@grsecurity.net>
      Cc: PaX Team <pageexec@freemail.hu>
      Cc: <stable@vger.kernel.org>	# v2.6.28+
      Link: http://lkml.kernel.org/r/1412456799-32339-1-git-send-email-minipli@googlemail.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      6891c450
  13. 24 7月, 2014 1 次提交
  14. 23 6月, 2014 1 次提交
  15. 18 4月, 2013 2 次提交
    • T
      posix-timers: Remove unused variable · d2054b2c
      Thomas Gleixner 提交于
      Remove the unused variable *node introduced by commit 5ed67f05 (posix
      timers: Allocate timer id per process)
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Pavel Emelyanov <xemul@parallels.com>
      d2054b2c
    • P
      posix timers: Allocate timer id per process (v2) · 5ed67f05
      Pavel Emelyanov 提交于
      Currently kernel generates IDs for posix timers in a global manner --
      there's a kernel-wide IDR tree from which IDs are created. This makes
      it impossible to recreate a timer with a desired ID (in particular
      this is done by the CRIU checkpoint-restore project) -- since these
      IDs are global it may happen, that at the time we recreate a timer, the
      ID we want for it is already busy by some other timer.
      
      In order to address this, replace the IDR tree with a global hash
      table for timers and makes timer IDs unique per signal_struct (to
      which timers are linked anyway). With this, two timers belonging to
      different processes may have equal IDs and we can recreate either of
      them with the ID we want.
      Signed-off-by: NPavel Emelyanov <xemul@parallels.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Matthew Helsley <matt.helsley@gmail.com>
      Link: http://lkml.kernel.org/r/513D9FF5.9010004@parallels.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      5ed67f05
  16. 23 3月, 2013 2 次提交
  17. 28 2月, 2013 1 次提交
  18. 22 2月, 2013 1 次提交
    • T
      posix-timer: Don't call idr_find() with out-of-range ID · e182bb38
      Tejun Heo 提交于
      When idr_find() was fed a negative ID, it used to look up the ID
      ignoring the sign bit before recent ("idr: remove MAX_IDR_MASK and
      move left MAX_IDR_* into idr.c") patch. Now a negative ID triggers
      a WARN_ON_ONCE().
      
      __lock_timer() feeds timer_id from userland directly to idr_find()
      without sanitizing it which can trigger the above malfunctions.  Add a
      range check on @timer_id before invoking idr_find() in __lock_timer().
      
      While timer_t is defined as int by all archs at the moment, Andrew
      worries that it may be defined as a larger type later on.  Make the
      test cover larger integers too so that it at least is guaranteed to
      not return the wrong timer.
      
      Note that WARN_ON_ONCE() in idr_find() on id < 0 is transitional
      precaution while moving away from ignoring MSB.  Once it's gone we can
      remove the guard as long as timer_t isn't larger than int.
      
      Signed-off-by: Tejun Heo <tj@kernel.org>nnn
      Reported-by: NSasha Levin <sasha.levin@oracle.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: stable@vger.kernel.org
      Link: http://lkml.kernel.org/r/20130220232412.GL3570@htj.dyndns.orgSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      e182bb38
  19. 16 1月, 2013 1 次提交