On Tue, Dec 17, 2019 at 2:00 AM Sargun Dhillon <sargun@xxxxxxxxx> wrote:
> This adds an ioctl which allows file descriptors to be extracted
> from processes based on their pidfd.
[...]
> You must have the ability to ptrace the process in order to extract any
> file descriptors from it. ptrace can already be used to extract file
> descriptors based on parasitic code injections, so the permissions
> model is aligned.
[...]
> + task = get_pid_task(pid, PIDTYPE_PID);
> + if (!task)
> + return -ESRCH;
> + ret = -EPERM;
Please add something like
if (mutex_lock_killable(&task->signal->cred_guard_mutex))
goto out;
here, and drop the mutex after fget_task().
> + if (!ptrace_may_access(task, PTRACE_MODE_READ_REALCREDS))
> + goto out;
> + ret = -EBADF;
> + file = fget_task(task, args.fd);
> + if (!file)
> + goto out;
> +
> + fd = get_unused_fd_flags(fd_flags);
> + if (fd < 0) {
> + ret = fd;
> + goto out_put_file;
> + }
> + /*
> + * security_file_receive must come last since it may have side effects
> + * and cannot be reversed.
> + */
> + ret = security_file_receive(file);
> + if (ret)
> + goto out_put_fd;
> +
> + fd_install(fd, file);
> + put_task_struct(task);
> + return fd;
> +
> +out_put_fd:
> + put_unused_fd(fd);
> +out_put_file:
> + fput(file);
> +out:
> + put_task_struct(task);
> + return ret;
> +}
