kernel/pid.c: implement additional checks upon pidfd_create() parameters

[ Upstream commit 490b9ba881 ]

By adding the pidfd_create() declaration to linux/pid.h, we
effectively expose this function to the rest of the kernel. In order
to avoid any unintended behavior, or set false expectations upon this
function, ensure that constraints are forced upon each of the passed
parameters. This includes the checking of whether the passed struct
pid is a thread-group leader as pidfd creation is currently limited to
such pid types.

Link: https://lore.kernel.org/r/2e9b91c2d529d52a003b8b86c45f866153be9eb5.1628398044.git.repnop@google.com
Signed-off-by: Matthew Bobrowski <repnop@google.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Matthew Bobrowski 2021-08-08 15:25:05 +10:00 committed by Greg Kroah-Hartman
parent 774c2dbca7
commit 03b5d3ee50

View File

@ -559,6 +559,12 @@ int pidfd_create(struct pid *pid, unsigned int flags)
{ {
int fd; int fd;
if (!pid || !pid_has_task(pid, PIDTYPE_TGID))
return -EINVAL;
if (flags & ~(O_NONBLOCK | O_RDWR | O_CLOEXEC))
return -EINVAL;
fd = anon_inode_getfd("[pidfd]", &pidfd_fops, get_pid(pid), fd = anon_inode_getfd("[pidfd]", &pidfd_fops, get_pid(pid),
flags | O_RDWR | O_CLOEXEC); flags | O_RDWR | O_CLOEXEC);
if (fd < 0) if (fd < 0)
@ -598,10 +604,7 @@ SYSCALL_DEFINE2(pidfd_open, pid_t, pid, unsigned int, flags)
if (!p) if (!p)
return -ESRCH; return -ESRCH;
if (pid_has_task(p, PIDTYPE_TGID)) fd = pidfd_create(p, flags);
fd = pidfd_create(p, flags);
else
fd = -EINVAL;
put_pid(p); put_pid(p);
return fd; return fd;