From owner-freebsd-bugs@FreeBSD.ORG Sun Aug 29 20:20:03 2010 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2F35310656AD for ; Sun, 29 Aug 2010 20:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 04A028FC1F for ; Sun, 29 Aug 2010 20:20:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o7TKK20O056736 for ; Sun, 29 Aug 2010 20:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o7TKK2QK056735; Sun, 29 Aug 2010 20:20:02 GMT (envelope-from gnats) Date: Sun, 29 Aug 2010 20:20:02 GMT Message-Id: <201008292020.o7TKK2QK056735@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Garrett Cooper Cc: Subject: Re: kern/149980: [patch] negative value integer to nanosleep(2) should fail with EINVAL X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Garrett Cooper List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Aug 2010 20:20:03 -0000 The following reply was made to PR kern/149980; it has been noted by GNATS. From: Garrett Cooper To: vwe@freebsd.org Cc: bug-followup Subject: Re: kern/149980: [patch] negative value integer to nanosleep(2) should fail with EINVAL Date: Sun, 29 Aug 2010 13:16:04 -0700 On Sun, Aug 29, 2010 at 1:03 PM, wrote: > Old Synopsis: [PATCH] negative value integer to nanosleep(2) should fail = with EINVAL > New Synopsis: [patch] negative value integer to nanosleep(2) should fail = with EINVAL > > State-Changed-From-To: open->analyzed > State-Changed-By: vwe > State-Changed-When: Sun Aug 29 20:00:22 UTC 2010 > State-Changed-Why: > double checked that and it's looking reasonable > I think the checks for 'tv_nsec < 0' and 'tv_sec < 0' can be made in one = go, > but IMO it should not make a difference (assembler wise): > > Index: sys/kern/kern_time.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- sys/kern/kern_time.c =A0 =A0 =A0 =A0(revision 211522) > +++ sys/kern/kern_time.c =A0 =A0 =A0 =A0(working copy) > @@ -362,9 +362,9 @@ > =A0 =A0 =A0 =A0struct timeval tv; > =A0 =A0 =A0 =A0int error; > > - =A0 =A0 =A0 if (rqt->tv_nsec < 0 || rqt->tv_nsec >=3D 1000000000) > + =A0 =A0 =A0 if (rqt->tv_nsec < 0 || rqt->tv_nsec >=3D 1000000000 || rqt= ->tv_sec < 0) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return (EINVAL); > - =A0 =A0 =A0 if (rqt->tv_sec < 0 || (rqt->tv_sec =3D=3D 0 && rqt->tv_nse= c =3D=3D 0)) > + =A0 =A0 =A0 if (rqt->tv_sec =3D=3D 0 && rqt->tv_nsec =3D=3D 0) > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return (0); > =A0 =A0 =A0 =A0getnanouptime(&ts); > =A0 =A0 =A0 =A0timespecadd(&ts, rqt); Same thing that bde@ asked me to create, so it naturally looks good :). The reason why I hadn't posted anything earlier about this bug is that bde@ brought it to my attention that there are additional issues with the timer code, mostly dealing with the fact that itimerfix isn't used when checking the bounds of the tv argument. There are other associated issues with using this though (itimerfix checks tv_msec, and nanosleep doesn't check the tv_msec field because nanosleep uses nanosecond granularity, not millisecond granularity). Thanks! -Garrett