diff --git a/kernel/futex.c b/kernel/futex.c index 9c9b2b6b22dd692ec14784331d4d3197503b86fe..5699c512057b087a14633b357a618d4528d4a032 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -1039,9 +1039,11 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, int val, unsigned long timeout = MAX_SCHEDULE_TIMEOUT; int val2 = 0; - if ((op == FUTEX_WAIT) && utime) { + if (utime && (op == FUTEX_WAIT)) { if (copy_from_user(&t, utime, sizeof(t)) != 0) return -EFAULT; + if (!timespec_valid(&t)) + return -EINVAL; timeout = timespec_to_jiffies(&t) + 1; } /* diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c index 54274fc853216d7448762c78e37ac0cd30d5e8f6..1ab6a0ea3d14776e9a84d3b8af71ffd418da5498 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c @@ -129,9 +129,11 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val, unsigned long timeout = MAX_SCHEDULE_TIMEOUT; int val2 = 0; - if ((op == FUTEX_WAIT) && utime) { + if (utime && (op == FUTEX_WAIT)) { if (get_compat_timespec(&t, utime)) return -EFAULT; + if (!timespec_valid(&t)) + return -EINVAL; timeout = timespec_to_jiffies(&t) + 1; } if (op >= FUTEX_REQUEUE)