Unverified commit f60d38cb, authored by Edward Adam Davis, committed by Christian Brauner

pidfs: when time ns disabled add check for ioctl



syzbot calls pidfd_ioctl() with cmd "PIDFD_GET_TIME_NAMESPACE" and disabled
CONFIG_TIME_NS; since time_ns is NULL, it will cause a NULL pointer deref in
open_namespace.

Fixes: 5b08bd40 ("pidfs: allow retrieval of namespace file descriptors") # mainline only
Reported-and-tested-by: <syzbot+34a0ee986f61f15da35d@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=34a0ee986f61f15da35d


Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Link: https://lore.kernel.org/r/tencent_7FAE8DB725EE0DD69236DDABDDDE195E4F07@qq.com


Signed-off-by: Christian Brauner <brauner@kernel.org>
parent b40c8e7a
+2 −0
@@ -168,6 +168,8 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
	case PIDFD_GET_TIME_NAMESPACE:
		get_time_ns(nsp->time_ns);
		ns_common = to_ns_common(nsp->time_ns);
		if (!nsp->time_ns)
			return -EINVAL;
		break;
	case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE:
		get_time_ns(nsp->time_ns_for_children);
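
Review bot: in the PIDFD_GET_TIME_NAMESPACE case the new `if (!nsp->time_ns)` test sits after `get_time_ns(nsp->time_ns)` and `to_ns_common(nsp->time_ns)`, so the pointer is handed to both helpers before it is known to be non-NULL. That ordering is only safe if both helpers tolerate a NULL argument, which this hunk does not show; testing first and returning -EINVAL before either call would make the case correct by inspection. The PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE case that follows passes `nsp->time_ns_for_children` to get_time_ns() in the same way and, with only two lines added, does not appear to get an equivalent check; if that pointer can also be NULL when CONFIG_TIME_NS is disabled, it needs the same guard. A one-line comment stating that the pointer is NULL when CONFIG_TIME_NS is disabled would explain why the check exists.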