--- /dev/null
+From 2895a5e5b3ae78d9923a91fce405d4a2f32c4309 Mon Sep 17 00:00:00 2001
+From: Eric Caruso <ejcaruso@google.com>
+Date: Wed, 8 Jun 2016 16:08:59 -0700
+Subject: timerfd: Reject ALARM timerfds without CAP_WAKE_ALARM
+
+From: Eric Caruso <ejcaruso@google.com>
+
+commit 2895a5e5b3ae78d9923a91fce405d4a2f32c4309 upstream.
+
+timerfd gives processes a way to set wake alarms, but unlike timers made using
+timer_create, timerfds don't check whether the process has CAP_WAKE_ALARM
+before setting alarm-time timers. CAP_WAKE_ALARM is supposed to gate this
+behavior and so it makes sense that we should deny permission to create such
+timerfds if the process doesn't have this capability.
+
+Signed-off-by: Eric Caruso <ejcaruso@google.com>
+Cc: Todd Poynor <toddpoynor@google.com>
+Link: http://lkml.kernel.org/r/1465427339-96209-1-git-send-email-ejcaruso@chromium.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Kasper Zwijsen <Kasper.Zwijsen@UGent.be>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/timerfd.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/fs/timerfd.c
++++ b/fs/timerfd.c
+@@ -400,6 +400,11 @@ SYSCALL_DEFINE2(timerfd_create, int, clo
+ clockid != CLOCK_BOOTTIME_ALARM))
+ return -EINVAL;
+
++ if (!capable(CAP_WAKE_ALARM) &&
++ (clockid == CLOCK_REALTIME_ALARM ||
++ clockid == CLOCK_BOOTTIME_ALARM))
++ return -EPERM;
++
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx)
+ return -ENOMEM;
+@@ -444,6 +449,11 @@ static int do_timerfd_settime(int ufd, i
+ return ret;
+ ctx = f.file->private_data;
+
++ if (!capable(CAP_WAKE_ALARM) && isalarm(ctx)) {
++ fdput(f);
++ return -EPERM;
++ }
++
+ timerfd_setup_cancel(ctx, flags);
+
+ /*
projects / thirdparty / kernel / stable-queue.git / commitdiff
