Unverified Commit 3c17001b authored Sep 12, 2025 by Christian Brauner

pidfs: validate extensible ioctls



Validate extensible ioctls stricter than we do now.

Reviewed-by: Aleksa Sarai <cyphar@cyphar.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>

parent 8f5ae30d

fs/pidfs.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -440,7 +440,7 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
		* erronously mistook the file descriptor for a pidfd.
		* This is not perfect but will catch most cases.
		*/
		return (_IOC_TYPE(cmd) == _IOC_TYPE(PIDFD_GET_INFO));
		return extensible_ioctl_valid(cmd, PIDFD_GET_INFO, PIDFD_INFO_SIZE_VER0);
		}

		return false;

include/linux/fs.h

+14 −0

Original line number	Diff line number	Diff line
		@@ -4023,4 +4023,18 @@ static inline bool vfs_empty_path(int dfd, const char __user *path)

		int generic_atomic_write_valid(struct kiocb iocb, struct iov_iter iter);

		static inline bool extensible_ioctl_valid(unsigned int cmd_a,
		unsigned int cmd_b, size_t min_size)
		{
		if (_IOC_DIR(cmd_a) != _IOC_DIR(cmd_b))
		return false;
		if (_IOC_TYPE(cmd_a) != _IOC_TYPE(cmd_b))
		return false;
		if (_IOC_NR(cmd_a) != _IOC_NR(cmd_b))
		return false;
		if (_IOC_SIZE(cmd_a) < min_size)
		return false;
		return true;
		}

		#endif /* _LINUX_FS_H */