On Fri, Sep 17, 2021 at 12:32 AM Thomas Gleixner tglx@linutronix.de wrote:
On Wed, Sep 15 2021 at 21:00, Arnd Bergmann wrote:
I have done the analysis. setitimer() does not have any problem with that simply because it already checks at the call site that the seconds value is > 0 and so do all the other user visible interfaces. See get_itimerval() ...
Right, I now came to the same conclusion after taking a closer look, see my reply from yesterday.
Granted that the kernel internal interfaces do not have those checks, but they already have other safety nets in place to prevent this and I could not identify any callsite which has trouble with that change.
If I failed to spot one then what the heck is the problem? It was broken before that change already!
My bad for the unfortunate timing. When only saw the patch when Greg posted it during the stable review and wasn't completely sure about it at the time, so I was hoping that he could just hold off until you had a chance to reply either saying that you had already checked this case or that it was dangerous, but now it's already reverted.
I agree we should put back the fix into all stable kernels.
Arnd