linux-fsdevel.vger.kernel.org archive mirror
* [PATCH] pidfs: check for valid pid namespace
@ 2024-09-26 16:51 Christian Brauner
  2024-09-30 18:13 ` Josef Bacik
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Brauner @ 2024-09-26 16:51 UTC (permalink / raw)
  To: Jeff Layton, Josef Bacik, Alexander Mikhalitsyn
  Cc: Christian Brauner, linux-fsdevel, stable

When we access a non-current task's pid namespace we need to check that the
task hasn't been reaped in the meantime and its pid namespace isn't
accessible anymore.

The user namespace is fine because it is only released when the last
reference to struct task_struct is put and exit_creds() is called.

Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors")
CC: stable@vger.kernel.org # v6.11
Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 fs/pidfs.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fs/pidfs.c b/fs/pidfs.c
index 7ffdc88dfb52..80675b6bf884 100644
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -120,6 +120,7 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	struct nsproxy *nsp __free(put_nsproxy) = NULL;
 	struct pid *pid = pidfd_pid(file);
 	struct ns_common *ns_common = NULL;
+	struct pid_namespace *pid_ns;
 
 	if (arg)
 		return -EINVAL;
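Review bot: the new pid_ns local is declared at function scope in pidfd_ioctl(), but within this patch it is only assigned and read inside the PIDFD_GET_PID_NAMESPACE case. Declaring it inside the `if (IS_ENABLED(CONFIG_PID_NS)) {` block would keep the possibly-NULL pointer from being visible to the other ioctl cases, unless function-scope declarations are the convention this file wants to keep.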
@@ -202,7 +203,9 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	case PIDFD_GET_PID_NAMESPACE:
 		if (IS_ENABLED(CONFIG_PID_NS)) {
 			rcu_read_lock();
-			ns_common = to_ns_common( get_pid_ns(task_active_pid_ns(task)));
+			pid_ns = task_active_pid_ns(task);
+			if (pid_ns)
+				ns_common = to_ns_common(get_pid_ns(pid_ns));
 			rcu_read_unlock();
 		}
 		break;
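Review bot: in the PIDFD_GET_PID_NAMESPACE case, a NULL result from task_active_pid_ns(task) now leaves ns_common at its initial NULL, and the visible lines do not show what the ioctl returns to userspace on that path. Please confirm the code after the switch handles ns_common == NULL with an errno that lets a caller tell "task already reaped" apart from "CONFIG_PID_NS disabled", since both reach the `break;` with ns_common unset. A one-line comment above `if (pid_ns)` saying that the namespace can be gone once the task has been reaped would also help, because the reason is only in the commit message and the neighbouring user namespace case is safe for a different reason.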
-- 
2.45.2



* Re: [PATCH] pidfs: check for valid pid namespace
  2024-09-26 16:51 [PATCH] pidfs: check for valid pid namespace Christian Brauner
@ 2024-09-30 18:13 ` Josef Bacik
  0 siblings, 0 replies; 2+ messages in thread
From: Josef Bacik @ 2024-09-30 18:13 UTC (permalink / raw)
  To: Christian Brauner
  Cc: Jeff Layton, Alexander Mikhalitsyn, linux-fsdevel, stable

On Thu, Sep 26, 2024 at 06:51:46PM +0200, Christian Brauner wrote:
> When we access a non-current task's pid namespace we need to check that the
> task hasn't been reaped in the meantime and its pid namespace isn't
> accessible anymore.
> 
> The user namespace is fine because it is only released when the last
> reference to struct task_struct is put and exit_creds() is called.
> 
> Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors")
> CC: stable@vger.kernel.org # v6.11
> Signed-off-by: Christian Brauner <brauner@kernel.org>

Reviewed-by: Josef Bacik <josef@toxicpanda.com>

Thanks,

Josef

