OS-8141 lx futex called with NULL timeout and FUTEX_WAIT_BITSET|FUTEX_PRIVATE_FLAG set causes panic (#272)

author: Brian Bennett <brian.bennett@joyent.com> 2020-03-23 19:04:27 -0700
committer: GitHub <noreply@github.com> 2020-03-23 19:04:27 -0700
commit: 71d3d1fb721d3893ca04b652d1b175ee2f54ed05 (patch)
tree: b007cd9027ca8fa6daedd2c2813709c4d59063fb
parent: 53825b8d5ba4b74a647ddb0c0212c7b336445fbf (diff)
download: illumos-joyent-71d3d1fb721d3893ca04b652d1b175ee2f54ed05.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/usr/src/uts/common/brand/lx/syscall/lx_futex.c b/usr/src/uts/common/brand/lx/syscall/lx_futex.c
index 3642b006c0..2a804dbcfe 100644
--- a/usr/src/uts/common/brand/lx/syscall/lx_futex.c
+++ b/usr/src/uts/common/brand/lx/syscall/lx_futex.c
@@ -24,7 +24,7 @@
  */
 
 /*
- * Copyright 2019 Joyent, Inc.
+ * Copyright 2020 Joyent, Inc.
  */
 
 #include <sys/types.h>
@@ -408,6 +408,17 @@ futex_wait(memid_t *memid, caddr_t addr,
 		goto out;
 	}
 
+	/*
+	 * We can't have hrtime and a timeout of 0. See below about
+	 * CLOCK_REALTIME.
+	 * On Linux this is is an invalid state anyway, so we'll short cut
+	 * this early to avoid a panic from passing a null pointer to ts2hrt().
+	 */
+	if (hrtime && timeout == NULL) {
+		err = set_errno(EINVAL);
+		goto out;
+	}
+
 	futex_hashin(fwp);
 
 	err = 0;
author	Brian Bennett <brian.bennett@joyent.com>	2020-03-23 19:04:27 -0700
committer	GitHub <noreply@github.com>	2020-03-23 19:04:27 -0700
commit	71d3d1fb721d3893ca04b652d1b175ee2f54ed05 (patch)
tree	b007cd9027ca8fa6daedd2c2813709c4d59063fb
parent	53825b8d5ba4b74a647ddb0c0212c7b336445fbf (diff)
download	illumos-joyent-71d3d1fb721d3893ca04b652d1b175ee2f54ed05.tar.gz