pidfs: when time ns disabled add check for ioctl

syzbot call pidfd_ioctl() with cmd "PIDFD_GET_TIME_NAMESPACE" and disabled CONFIG_TIME_NS, since time_ns is NULL, it will make NULL ponter deref in open_namespace. Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors") # mainline only Reported-and-tested-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=34a0ee986f61f15da35d Signed-off-by: Edward Adam Davis <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Christian Brauner <[email protected]>
author: Edward Adam Davis <[email protected]> 2024-07-21 14:23:12 +0800
committer: Christian Brauner <[email protected]> 2024-07-24 10:53:12 +0200
commit: f60d38cb02d03f39576f9c7ad13652babded2410 (patch)
tree: f2c36c5e65e7db512350db5e3e778c8c7f724728
parent: b40c8e7a033ff2cafd33adbe50e2a516f88fa223 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/pidfs.c b/fs/pidfs.c
index c9cb14181def..fe0ddab48f57 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -168,6 +168,8 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	case PIDFD_GET_TIME_NAMESPACE:
 		get_time_ns(nsp->time_ns);
 		ns_common = to_ns_common(nsp->time_ns);
+		if (!nsp->time_ns)
+			return -EINVAL;
 		break;
 	case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE:
 		get_time_ns(nsp->time_ns_for_children);
author	Edward Adam Davis <[email protected]>	2024-07-21 14:23:12 +0800
committer	Christian Brauner <[email protected]>	2024-07-24 10:53:12 +0200
commit	f60d38cb02d03f39576f9c7ad13652babded2410 (patch)
tree	f2c36c5e65e7db512350db5e3e778c8c7f724728
parent	b40c8e7a033ff2cafd33adbe50e2a516f88fa223 (diff)