Description of problem:
Calling epoll_wait with a negative value for 'timeout' results in a printk being generated, with no information about what pid or uid caused it. This can result in logfile overflow and denial-of-service.

Version-Release number of selected component (if applicable):
2.6.9-55.0.2

Steps to reproduce:
1. run attached testcase on x86_64 2.6.9-55.0.2.

Actual results:
schedule_timeout: wrong timeout value fffffffffffffc19 from ffffffff8019eaff

Expected results:
return EINVAL and do not printk.

Additional info:
This issue appears to be fixed upstream by e3306dd5f7eb2e699f36a4a313fca4b48b18d5e1.
Created attachment 187791 [details] reproduction testcase
The semantics in the upstream kernel, and as described by the patch which was referenced, do not match the expected results. The actual semantics of the system after applying that patch are that any negative value passed as the timeout is treated the same as -1. I will port the patch, but this will only prevent the printk() from occurring; it will not cause the system call to return EINVAL.
Created attachment 198801 [details] Proposed patch
The attached Proposed patch modifies the epoll_wait() semantics to use any negative value to indicate an infinite wait, not just -1. This matches the current upstream and RHEL-5 semantics.
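The following is an added example, not the attached testcase or the proposed patch: a small user-space check of the epoll_wait() timeout semantics described in the two comments above. It registers the read end of a pipe with epoll, forks a child that writes to the pipe after roughly 200 ms (a constructed delay), and calls epoll_wait() with a timeout of -2. On a kernel with the post-patch semantics the call is accepted and blocks until the write, returning one event; it does not fail with EINVAL. A zero timeout is checked alongside for contrast. The helper names (wait_with_timeout and the two predicate functions) are this example's own. It is Linux-only, since it uses epoll.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/epoll.h>
#include <sys/wait.h>

/* Milliseconds between t0 and t1 on the monotonic clock. */
static long elapsed_ms(const struct timespec *t0, const struct timespec *t1)
{
    return (t1->tv_sec - t0->tv_sec) * 1000L +
           (t1->tv_nsec - t0->tv_nsec) / 1000000L;
}

/* Registers the read end of a pipe with epoll, forks a child that writes one
 * byte to the pipe after about 200 ms (constructed delay), then calls
 * epoll_wait() with the given timeout.  Returns the epoll_wait() result
 * (1 = event ready, 0 = timed out, -1 = error with errno in *err_out) and
 * stores the time the call actually blocked in *waited_ms. */
int wait_with_timeout(int timeout_ms, int *err_out, long *waited_ms)
{
    int pipefd[2], epfd = -1, n = -1;
    struct epoll_event ev = { .events = EPOLLIN }, out;
    struct timespec t0, t1;
    pid_t child;

    *err_out = 0;
    *waited_ms = 0;
    if (pipe(pipefd) == -1) { *err_out = errno; return -1; }

    epfd = epoll_create(1);
    if (epfd == -1) { *err_out = errno; goto cleanup; }
    ev.data.fd = pipefd[0];
    if (epoll_ctl(epfd, EPOLL_CTL_ADD, pipefd[0], &ev) == -1) {
        *err_out = errno;
        goto cleanup;
    }

    child = fork();
    if (child == -1) { *err_out = errno; goto cleanup; }
    if (child == 0) {
        /* Child: delayed writer that makes the pipe readable. */
        struct timespec delay = { 0, 200 * 1000 * 1000L };
        close(pipefd[0]);
        nanosleep(&delay, NULL);
        _exit(write(pipefd[1], "x", 1) == 1 ? 0 : 1);
    }

    clock_gettime(CLOCK_MONOTONIC, &t0);
    n = epoll_wait(epfd, &out, 1, timeout_ms);
    if (n == -1) *err_out = errno;
    clock_gettime(CLOCK_MONOTONIC, &t1);
    *waited_ms = elapsed_ms(&t0, &t1);
    waitpid(child, NULL, 0);

cleanup:
    if (epfd != -1) close(epfd);
    close(pipefd[0]);
    close(pipefd[1]);
    return n;
}

/* 1 when a negative timeout other than -1 is accepted and blocks until the
 * event arrives (the semantics the proposed patch adopts), 0 otherwise. */
int negative_timeout_waits_for_event(void)
{
    int err; long ms;
    int n = wait_with_timeout(-2, &err, &ms);
    return n == 1 && err == 0 && ms >= 100;
}

/* 1 when a zero timeout returns at once with no event, for contrast. */
int zero_timeout_returns_immediately(void)
{
    int err; long ms;
    int n = wait_with_timeout(0, &err, &ms);
    return n == 0 && err == 0 && ms < 150;
}

int main(void)
{
    int err; long ms;
    int n = wait_with_timeout(-2, &err, &ms);
    printf("epoll_wait(timeout=-2): %d after %ld ms%s%s\n", n, ms,
           err ? ", errno: " : "", err ? strerror(err) : "");
    printf("negative timeout treated as infinite wait: %s\n",
           negative_timeout_waits_for_event() ? "yes" : "no");
    return 0;
}
```

On a kernel that still has the pre-patch behaviour, the "wrong timeout value" message would be logged and the wait would not block for the event, so the first predicate reports "no"; on a kernel with the ported patch it reports "yes", which is a quick way to confirm the fix is in place on a given host.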
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Committed in 68.14.EL. RPMS are available at http://people.redhat.com/vgoyal/rhel4/
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2008-0665.html