6.13-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Brauner brauner@kernel.org
commit 8ce3528188207a2e1896cc3173fba6d99a59013a upstream.
Prior to doing any work, check whether the provided ioctl command is supported by pidfs.
Signed-off-by: Christian Brauner brauner@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/pidfs.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
--- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -190,6 +190,27 @@ static long pidfd_info(struct task_struc return 0; }
+static bool pidfs_ioctl_valid(unsigned int cmd) +{ + switch (cmd) { + case FS_IOC_GETVERSION: + case PIDFD_GET_CGROUP_NAMESPACE: + case PIDFD_GET_INFO: + case PIDFD_GET_IPC_NAMESPACE: + case PIDFD_GET_MNT_NAMESPACE: + case PIDFD_GET_NET_NAMESPACE: + case PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE: + case PIDFD_GET_TIME_NAMESPACE: + case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE: + case PIDFD_GET_UTS_NAMESPACE: + case PIDFD_GET_USER_NAMESPACE: + case PIDFD_GET_PID_NAMESPACE: + return true; + } + + return false; +} + static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { struct task_struct *task __free(put_task) = NULL; @@ -198,6 +219,9 @@ static long pidfd_ioctl(struct file *fil struct ns_common *ns_common = NULL; struct pid_namespace *pid_ns;
+ if (!pidfs_ioctl_valid(cmd)) + return -ENOIOCTLCMD; + task = get_pid_task(pid, PIDTYPE_PID); if (!task) return -ESRCH;