Commit 2b08de0073a5697cf84d6f448d6dbc6cf02fc6b5
Committed by
Thomas Gleixner
Thomas Gleixner
1 parent
22b8f15c2f
posix_timer: Move copy_to_user(created_timer_id) down in timer_create()
According to Oleg Nesterov: We can move copy_to_user(created_timer_id) down after "if (timer_event_spec)" block too. (but before CLOCK_DISPATCH(), of course). Signed-off-by: Andrey Vagin <avagin@openvz.org> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Stanislaw Gruszka <sgruszka@redhat.com> Cc: Andrey Vagin <avagin@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Showing 1 changed file with 6 additions and 5 deletions Side-by-side Diff
kernel/posix-timers.c
| ... | ... | @@ -560,11 +560,6 @@ |
| 560 | 560 | new_timer->it_clock = which_clock; |
| 561 | 561 | new_timer->it_overrun = -1; |
| 562 | 562 | |
| 563 | - if (copy_to_user(created_timer_id, | |
| 564 | - &new_timer_id, sizeof (new_timer_id))) { | |
| 565 | - error = -EFAULT; | |
| 566 | - goto out; | |
| 567 | - } | |
| 568 | 563 | if (timer_event_spec) { |
| 569 | 564 | if (copy_from_user(&event, timer_event_spec, sizeof (event))) { |
| 570 | 565 | error = -EFAULT; |
| ... | ... | @@ -589,6 +584,12 @@ |
| 589 | 584 | new_timer->sigq->info.si_value = event.sigev_value; |
| 590 | 585 | new_timer->sigq->info.si_tid = new_timer->it_id; |
| 591 | 586 | new_timer->sigq->info.si_code = SI_TIMER; |
| 587 | + | |
| 588 | + if (copy_to_user(created_timer_id, | |
| 589 | + &new_timer_id, sizeof (new_timer_id))) { | |
| 590 | + error = -EFAULT; | |
| 591 | + goto out; | |
| 592 | + } | |
| 592 | 593 | |
| 593 | 594 | error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer)); |
| 594 | 595 | if (error) |