From 2eb2351a16b310714ea9994076d41e3340a2c813 Mon Sep 17 00:00:00 2001
From: Thomas Gleixner <tglx@linutronix.de>
Date: Fri, 31 Mar 2006 02:31:32 -0800
Subject: [PATCH] --- yaml --- r: 24924 b: refs/heads/master c:
 9741ef964dc8bfeb6520825df9fed8f538c3336e h: refs/heads/master v: v3

---
 [refs]                      | 2 +-
 trunk/kernel/futex.c        | 4 +++-
 trunk/kernel/futex_compat.c | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/[refs] b/[refs]
index fc783ebfa32b..03785ea35cdb 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: d425b274ba83ba4e7746a40446ec0ba3267de51f
+refs/heads/master: 9741ef964dc8bfeb6520825df9fed8f538c3336e
diff --git a/trunk/kernel/futex.c b/trunk/kernel/futex.c
index 9c9b2b6b22dd..5699c512057b 100644
--- a/trunk/kernel/futex.c
+++ b/trunk/kernel/futex.c
@@ -1039,9 +1039,11 @@ asmlinkage long sys_futex(u32 __user *uaddr, int op, int val,
 	unsigned long timeout = MAX_SCHEDULE_TIMEOUT;
 	int val2 = 0;
 
-	if ((op == FUTEX_WAIT) && utime) {
+	if (utime && (op == FUTEX_WAIT)) {
 		if (copy_from_user(&t, utime, sizeof(t)) != 0)
 			return -EFAULT;
+		if (!timespec_valid(&t))
+			return -EINVAL;
 		timeout = timespec_to_jiffies(&t) + 1;
 	}
 	/*
diff --git a/trunk/kernel/futex_compat.c b/trunk/kernel/futex_compat.c
index 54274fc85321..1ab6a0ea3d14 100644
--- a/trunk/kernel/futex_compat.c
+++ b/trunk/kernel/futex_compat.c
@@ -129,9 +129,11 @@ asmlinkage long compat_sys_futex(u32 __user *uaddr, int op, u32 val,
 	unsigned long timeout = MAX_SCHEDULE_TIMEOUT;
 	int val2 = 0;
 
-	if ((op == FUTEX_WAIT) && utime) {
+	if (utime && (op == FUTEX_WAIT)) {
 		if (get_compat_timespec(&t, utime))
 			return -EFAULT;
+		if (!timespec_valid(&t))
+			return -EINVAL;
 		timeout = timespec_to_jiffies(&t) + 1;
 	}
 	if (op >= FUTEX_REQUEUE)