From: Eric Caruso <ejcar...@google.com>

timerfd gives processes a way to set wake alarms, but
unlike timers created with timer_create(), timerfds do not
check whether the process has CAP_WAKE_ALARM before
creating or arming alarm-clock (CLOCK_*_ALARM) timers.
CAP_WAKE_ALARM is supposed to gate this behaviour, so it
makes sense to deny creating or arming such timerfds when
the process does not have this capability.

Signed-off-by: Eric Caruso <ejcar...@google.com>
---
 fs/timerfd.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/timerfd.c b/fs/timerfd.c
index 053818d..9ae4abb 100644
--- a/fs/timerfd.c
+++ b/fs/timerfd.c
@@ -390,6 +390,11 @@ SYSCALL_DEFINE2(timerfd_create, int, clockid, int, flags)
             clockid != CLOCK_BOOTTIME_ALARM))
                return -EINVAL;
 
+       if (!capable(CAP_WAKE_ALARM) &&
+           (clockid == CLOCK_REALTIME_ALARM ||
+            clockid == CLOCK_BOOTTIME_ALARM))
+               return -EPERM;
+
        ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
        if (!ctx)
                return -ENOMEM;
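Review bot: The new capability check carries no comment explaining why an otherwise-valid clockid is now refused, and it silently tightens the timerfd ABI for existing unprivileged users of CLOCK_REALTIME_ALARM/CLOCK_BOOTTIME_ALARM, which reads as a userspace regression risk unless those callers are known to already hold CAP_WAKE_ALARM. A short comment above the check would help the next reader: `/* Alarm clocks can wake the system from suspend; require CAP_WAKE_ALARM, mirroring the posix alarm timer path (timer_create). */`, with the timer_create parity being the commit message's claim rather than something visible here. Note that `capable()` is evaluated against the creating task only, so a privileged creator can still hand the fd to an unprivileged task (fd inheritance or SCM_RIGHTS) — the settime-side check in the other hunk is what covers that case, and the comment could say so. The enclosing timerfd_create() body continues outside the hunk.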
@@ -433,6 +438,11 @@ static int do_timerfd_settime(int ufd, int flags,
                return ret;
        ctx = f.file->private_data;
 
+       if (!capable(CAP_WAKE_ALARM) && isalarm(ctx)) {
+               fdput(f);
+               return -EPERM;
+       }
+
        timerfd_setup_cancel(ctx, flags);
 
        /*
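Review bot: The settime check refuses every timerfd_settime() on an alarm fd without CAP_WAKE_ALARM, including a plain disarm (an all-zero new value), so a task that legitimately inherited or received an alarm fd from a privileged creator can no longer stop an armed alarm except by closing the fd; the same task could, by contrast, disarm it before this patch. If that is intended it deserves a comment next to the check (`/* arming or re-arming an alarm fd needs CAP_WAKE_ALARM even if the creator had it */`); otherwise consider exempting the disarm case by testing the new-value parameter (cut off in the hunk header) before calling `capable()`. Placing the check before `timerfd_setup_cancel(ctx, flags)` is right, since no ctx state is modified on the EPERM path. do_timerfd_settime() starts and ends outside the hunk.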
-- 
2.8.0.rc3.226.g39d4020
