From: Chris Wright <chrisw@sous-sol.org>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, David Miller <davem@davemloft.net>,
bunk@stusta.de, Vasily Averin <vvs@sw.ru>
Subject: [patch 25/32] NET: "wrong timeout value" in sk_wait_data() v2
Date: Fri, 08 Jun 2007 00:15:36 -0700 [thread overview]
Message-ID: <20070608071554.380591000@sous-sol.org> (raw)
In-Reply-To: 20070608071511.159309000@sous-sol.org
[-- Attachment #1: net-wrong-timeout-value-in-sk_wait_data-v2.patch --]
[-- Type: text/plain, Size: 1710 bytes --]
-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Vasily Averin <vvs@sw.ru>
sys_setsockopt() do not check properly timeout values for
SO_RCVTIMEO/SO_SNDTIMEO, for example it's possible to set negative timeout
values. POSIX do not defines behaviour for sys_setsockopt in case negative
timeouts, but requires that setsockopt() shall fail with -EDOM if the send and
receive timeout values are too big to fit into the timeout fields in the socket
structure.
In current implementation negative timeout can lead to error messages like
"schedule_timeout: wrong timeout value".
Proposed patch:
- checks tv_usec and returns -EDOM if it is wrong
- do not allows to set negative timeout values (sets 0 instead) and outputs
ratelimited information message about such attempts.
Signed-off-By: Vasily Averin <vvs@sw.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
net/core/sock.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- linux-2.6.20.13.orig/net/core/sock.c
+++ linux-2.6.20.13/net/core/sock.c
@@ -204,7 +204,19 @@ static int sock_set_timeout(long *timeo_
return -EINVAL;
if (copy_from_user(&tv, optval, sizeof(tv)))
return -EFAULT;
+ if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
+ return -EDOM;
+ if (tv.tv_sec < 0) {
+ static int warned = 0;
+ *timeo_p = 0;
+ if (warned < 10 && net_ratelimit())
+ warned++;
+ printk(KERN_INFO "sock_set_timeout: `%s' (pid %d) "
+ "tries to set negative timeout\n",
+ current->comm, current->pid);
+ return 0;
+ }
*timeo_p = MAX_SCHEDULE_TIMEOUT;
if (tv.tv_sec == 0 && tv.tv_usec == 0)
return 0;
--
next prev parent reply other threads:[~2007-06-08 7:32 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-08 7:15 [patch 00/32] 2.6.20-stable review Chris Wright
2007-06-08 7:15 ` [patch 01/32] pv6: track device renames in snmp6 Chris Wright
2007-06-08 7:15 ` [patch 02/32] oom: kill all threads that share mm with killed task Chris Wright
2007-06-08 7:15 ` [patch 03/32] x86-64: Always flush all pages in change_page_attr Chris Wright
2007-06-08 7:15 ` [patch 04/32] smc911x: fix compilation breakage wjen debug is on Chris Wright
2007-06-08 7:15 ` [patch 05/32] iop13xx: fix i/o address translation Chris Wright
2007-06-08 7:15 ` [patch 06/32] [NETFILTER]: {ip, nf}_nat_proto_gre: do not modify/corrupt GREv0 packets through NAT Chris Wright
2007-06-08 7:15 ` [patch 07/32] sata_via: add missing PM hooks Chris Wright
2007-06-08 7:15 ` [patch 08/32] driver-core: dont free devt_attr till the device is released Chris Wright
2007-06-08 7:15 ` [patch 09/32] JFS: Fix race waking up jfsIO kernel thread Chris Wright
2007-06-08 7:15 ` [patch 10/32] CRYPTO: api: Read module pointer before freeing algorithm Chris Wright
2007-06-08 7:15 ` [patch 11/32] fuse: fix mknod of regular file Chris Wright
2007-06-08 7:15 ` [patch 12/32] acpi-thermal: fix mod_timer() interval Chris Wright
2007-06-08 7:15 ` [patch 13/32] ALSA: usb-audio: explicitly match Logitech QuickCam Chris Wright
2007-06-08 7:15 ` [patch 14/32] s390: Fix TCP/UDP pseudo header checksum computation Chris Wright
2007-06-08 7:15 ` [patch 15/32] s390: page_mkclean data corruption Chris Wright
2007-06-08 7:15 ` [patch 16/32] V4L/DVB (5593): Budget-ci: Fix tuning for TDM 1316 (160..200 MHz) Chris Wright
2007-06-08 7:15 ` [patch 17/32] kbuild: fixdep segfault on pathological string-o-death Chris Wright
2007-06-08 7:15 ` [patch 18/32] ntfs_init_locked_inode(): fix array indexing Chris Wright
2007-06-08 7:15 ` [patch 19/32] ICMP: Fix icmp_errors_use_inbound_ifaddr sysctl Chris Wright
2007-06-08 7:15 ` [patch 20/32] NET: parse ip:port strings correctly in in4_pton Chris Wright
2007-06-08 7:15 ` [patch 21/32] IPSEC: Fix panic when using inter address familiy IPsec on loopback Chris Wright
2007-06-08 7:15 ` [patch 22/32] NET: Fix BMSR_100{HALF,FULL}2 defines in linux/mii.h Chris Wright
2007-06-08 7:15 ` [patch 23/32] IPV4: Correct rp_filter help text Chris Wright
2007-06-09 1:20 ` Herbert Xu
2007-06-09 1:22 ` Herbert Xu
2007-06-08 7:15 ` [patch 24/32] SPARC: Linux always started with 9600 8N1 Chris Wright
2007-06-08 7:15 ` Chris Wright [this message]
2007-06-08 7:15 ` [patch 26/32] SPARC64: Fix two bugs wrt. kernel 4MB TSB Chris Wright
2007-06-08 7:15 ` [patch 27/32] SPARC64: Fix _PAGE_EXEC_4U check in sun4u I-TLB miss handler Chris Wright
2007-06-08 7:15 ` [patch 28/32] TCP: Use default 32768-61000 outgoing port range in all cases Chris Wright
2007-06-08 7:15 ` [patch 29/32] NET: Fix race condition about network device name allocation Chris Wright
2007-06-08 7:15 ` [patch 30/32] Fix AF_UNIX OOPS Chris Wright
2007-06-08 7:15 ` [patch 31/32] IPV6 ROUTE: No longer handle ::/0 specially Chris Wright
2007-06-08 7:15 ` [patch 32/32] SPARC64: Dont be picky about virtual-dma values on sun4v Chris Wright
2007-06-08 7:29 ` [stable] [patch 00/32] 2.6.20-stable review Chris Wright
2007-06-08 16:51 ` Chris Wright
2007-06-08 12:21 ` Fortier,Vincent [Montreal]
2007-06-08 15:45 ` Chris Wright
2007-06-08 20:56 ` Chuck Ebbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070608071554.380591000@sous-sol.org \
--to=chrisw@sous-sol.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@stusta.de \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=vvs@sw.ru \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox