Patch "kernel/pid.c: implement additional checks upon pidfd_create() parameters" has been added to the 5.10-stable tree

This is a note to let you know that I've just added the patch titled

    kernel/pid.c: implement additional checks upon pidfd_create() parameters

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kernel-pid.c-implement-additional-checks-upon-pidfd_.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 42d0d77b31a67f091dccc2c6a198577e3816816d
Author: Matthew Bobrowski <repnop@xxxxxxxxxx>
Date:   Sun Aug 8 15:25:05 2021 +1000

    kernel/pid.c: implement additional checks upon pidfd_create() parameters
    
    [ Upstream commit 490b9ba881e2c6337bb09b68010803ae98e59f4a ]
    
    By adding the pidfd_create() declaration to linux/pid.h, we
    effectively expose this function to the rest of the kernel. In order
    to avoid any unintended behavior, or set false expectations upon this
    function, ensure that constraints are forced upon each of the passed
    parameters. This includes the checking of whether the passed struct
    pid is a thread-group leader as pidfd creation is currently limited to
    such pid types.
    
    Link: https://lore.kernel.org/r/2e9b91c2d529d52a003b8b86c45f866153be9eb5.1628398044.git.repnop@xxxxxxxxxx
    Signed-off-by: Matthew Bobrowski <repnop@xxxxxxxxxx>
    Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
    Signed-off-by: Jan Kara <jack@xxxxxxx>
    Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/pid.c b/kernel/pid.c
index 74f0466757cbf..0820f2c50bb0c 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -559,6 +559,12 @@ int pidfd_create(struct pid *pid, unsigned int flags)
 {
 	int fd;
 
+	if (!pid || !pid_has_task(pid, PIDTYPE_TGID))
+		return -EINVAL;
+
+	if (flags & ~(O_NONBLOCK | O_RDWR | O_CLOEXEC))
+		return -EINVAL;
+
 	fd = anon_inode_getfd("[pidfd]", &pidfd_fops, get_pid(pid),
 			      flags | O_RDWR | O_CLOEXEC);
 	if (fd < 0)
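
Review bot: The flags check accepts O_RDWR and O_CLOEXEC, yet the anon_inode_getfd() call right below ORs both in unconditionally, so O_NONBLOCK is the only bit in the mask a caller can actually influence. A one-line comment above the mask, or a named mask constant, would make clear that the other two are tolerated rather than meaningful. Separately, pid_has_task() reads pid before get_pid() takes a reference, so the function comment should state that the caller must already hold a reference on the struct pid, and should list -EINVAL for a NULL or non-thread-group-leader pid and for unknown flags.
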
@@ -598,10 +604,7 @@ SYSCALL_DEFINE2(pidfd_open, pid_t, pid, unsigned int, flags)
 	if (!p)
 		return -ESRCH;
 
-	if (pid_has_task(p, PIDTYPE_TGID))
-		fd = pidfd_create(p, flags);
-	else
-		fd = -EINVAL;
+	fd = pidfd_create(p, flags);
 
 	put_pid(p);
 	return fd;
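
Review bot: At the new unconditional pidfd_create(p, flags) call, flags reaches a helper whose mask also admits O_RDWR and O_CLOEXEC, and this hunk does not show any flag validation earlier in pidfd_open(). Please confirm the syscall still rejects everything it rejected before, so the userspace-visible ABI is not widened by delegating the check. With the thread-group-leader test removed from this caller, a short comment noting that -EINVAL for a non-leader pid now originates in pidfd_create() would also help anyone tracing the error path.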



