pidfs: when time ns disabled add check for ioctl

syzbot call pidfd_ioctl() with cmd "PIDFD_GET_TIME_NAMESPACE" and disabled CONFIG_TIME_NS, since time_ns is NULL, it will make NULL ponter deref in open_namespace. Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors") # mainline only Reported-and-tested-by: syzbot+34a0ee986f61f15da35d@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=34a0ee986f61f15da35d Signed-off-by: Edward Adam Davis <eadavis@qq.com> Link: https://lore.kernel.org/r/tencent_7FAE8DB725EE0DD69236DDABDDDE195E4F07@qq.com Signed-off-by: Christian Brauner <brauner@kernel.org>
author: Edward Adam Davis <eadavis@qq.com> 2024-07-21 08:23:12 +0200
committer: Christian Brauner <brauner@kernel.org> 2024-07-24 10:53:12 +0200
commit: f60d38cb02d03f39576f9c7ad13652babded2410 (patch)
tree: f2c36c5e65e7db512350db5e3e778c8c7f724728 /fs
parent: vfs: correct the comments of vfs_*() helpers (diff)
download: linux-f60d38cb02d03f39576f9c7ad13652babded2410.tar.xz
linux-f60d38cb02d03f39576f9c7ad13652babded2410.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/pidfs.c b/fs/pidfs.c
index c9cb14181def..fe0ddab48f57 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -168,6 +168,8 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	case PIDFD_GET_TIME_NAMESPACE:
 		get_time_ns(nsp->time_ns);
 		ns_common = to_ns_common(nsp->time_ns);
+		if (!nsp->time_ns)
+			return -EINVAL;
 		break;
 	case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE:
 		get_time_ns(nsp->time_ns_for_children);
author	Edward Adam Davis <eadavis@qq.com>	2024-07-21 08:23:12 +0200
committer	Christian Brauner <brauner@kernel.org>	2024-07-24 10:53:12 +0200
commit	f60d38cb02d03f39576f9c7ad13652babded2410 (patch)
tree	f2c36c5e65e7db512350db5e3e778c8c7f724728 /fs
parent	vfs: correct the comments of vfs_*() helpers (diff)
download	linux-f60d38cb02d03f39576f9c7ad13652babded2410.tar.xz linux-f60d38cb02d03f39576f9c7ad13652babded2410.zip