Fixing settime1() to reject invalid struct timespec ?

To: NetBSD kernel <tech-kern%netbsd.org@localhost>
Subject: Fixing settime1() to reject invalid struct timespec ?
From: Nicolas Joly <njoly%pasteur.fr@localhost>
Date: Mon, 27 Jul 2009 14:37:29 +0200

Hi,

While looking into clock_settime(2), i discovered that this syscall
does not fail as expected with EINVAL when an invalid struct timespec
is provided.

Indeed, none of the called functions do use itimespecfix() to ensure
that the tv_sec and tv_nsec values are correct.

Adding such a verification would be best centralized in settime1()
function which is currently used by both native and compat
clock_settime() syscalls (and as a side effect, it will validate
settimeofday argument too).

Unfortunately, the clock_settime1()/settime1() chain use a `const
struct timespec' argument which cannot be modified by calling
itimespecfix() ...

To solve this, we can: (a) use an ugly __UNCONST() when calling
itimespecfix(), or (b) drop the const qualifier from
clock_settime1()/settime1() ...

I do think the latter would be better.

Comments ?

-- 
Nicolas Joly

Biological Software and Databanks.
Institut Pasteur, Paris.

Follow-Ups:
- Re: Fixing settime1() to reject invalid struct timespec ?
  - From: Joerg Sonnenberger

Prev by Date: static functions are your friends (Was GPIO revisited)
Next by Date: Re: Fixing settime1() to reject invalid struct timespec ?
Previous by Thread: Ext2fs inode size patch
Next by Thread: Re: Fixing settime1() to reject invalid struct timespec ?
Indexes:

Home | Main Index | Thread Index | Old Index