public inbox for linux-fsdevel@vger.kernel.org
From: Christian Brauner <brauner@kernel.org>
To: linux-fsdevel@vger.kernel.org
Cc: Alexander Viro <viro@zeniv.linux.org.uk>, Jan Kara <jack@suse.cz>,
	 linux-kernel@vger.kernel.org,
	 "Christian Brauner (Amutable)" <brauner@kernel.org>
Subject: [PATCH 0/3] pidfs: small fixes
Date: Mon, 20 Apr 2026 15:32:34 +0200
Message-ID: <20260420-work-pidfs-v1-0-4bd614e1cb33@kernel.org>

Three independent pidfs bug fixes, each with a Fixes: tag.

Patch 1 fixes PIDFD_THREAD flag loss when pidfds are opened via file
handles. PIDFD_THREAD is defined as O_EXCL, and do_dentry_open() strips
O_EXCL from f_flags, so thread pidfds obtained via open_by_handle_at()
silently end up with PIDTYPE_TGID scope. pidfs_alloc_file() already
restored the flag after dentry_open(); factor that into a shared
pidfs_open_file() helper and use it from pidfs_export_open() too.
Without this, pidfd_send_signal() on a thread pidfd reopened from a
file handle delivers to the entire thread group instead of the
specific thread.

Patch 2 fixes pidfs_xattr_get() returning 0 when no xattrs have ever
been set (attr->xattrs == NULL). The VFS interprets 0 as "xattr exists
with a zero-length value", so getxattr() on a pidfd reports success
for non-existent xattrs. Return -ENODATA instead, matching
simple_xattr_get().

Patch 3 enforces the documented PIDFD_GET_INFO contract that the
kernel must not set a mask bit unless the user buffer is large enough
to carry the corresponding field. Today PIDFD_INFO_COREDUMP,
PIDFD_INFO_COREDUMP_SIGNAL and PIDFD_INFO_SUPPORTED_MASK are returned
in the mask without checking usize against PIDFD_INFO_SIZE_VER1/VER2.
copy_struct_to_user() stops at min(usize, ksize) so no kernel memory
leaks, but userspace that trusts the mask as documented will read its
own uninitialized buffer as if it were valid data. Gate the mask bits
on usize.

Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
---
Christian Brauner (3):
      pidfs: fix PIDFD_THREAD flag loss when opening pidfds via file handles
      pidfs: return -ENODATA from pidfs_xattr_get() when no xattrs exist
      pidfs: don't report pidfd_info fields that won't fit in the user buffer

 fs/pidfs.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
---
base-commit: e774d5f1bc27a85f858bce7688509e866f8e8a4e
change-id: 20260420-work-pidfs-6152879f9434
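
The mask/usize mismatch that patch 3 describes, as an added userspace model (not code from this series or from fs/pidfs.c). The struct layout, bit values, SIZE_VER0/SIZE_VER1 and the function names are constructed for illustration; gate=0 models the behaviour being fixed, gate=1 the usize check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: names, bit values and layout are illustrative,
 * not the kernel's uapi definitions. */
#define INFO_PID      (1u << 0)
#define INFO_COREDUMP (1u << 1)            /* announces coredump_mask */
struct info { uint64_t mask, pid, coredump_mask; };
#define SIZE_VER0 offsetof(struct info, coredump_mask)
#define SIZE_VER1 sizeof(struct info)

/* Truncation rule cited in the cover letter: copy min(usize, ksize). */
static void copy_out(void *ubuf, size_t usize, const struct info *k)
{
    size_t n = usize < sizeof(*k) ? usize : sizeof(*k);
    memcpy(ubuf, k, n);
}

/* gate == 0: mask bit set regardless of usize (behaviour being fixed).
 * gate == 1: mask bit set only if the field fits in usize. */
static void get_info(void *ubuf, size_t usize, uint64_t req, int gate)
{
    struct info k = { .mask = INFO_PID, .pid = 1234 };
    if ((req & INFO_COREDUMP) && (!gate || usize >= SIZE_VER1)) {
        k.coredump_mask = 1;
        k.mask |= INFO_COREDUMP;
    }
    copy_out(ubuf, usize, &k);
}

/* Caller that trusts the mask; 0xAA stands in for uninitialized memory.
 * Returns the coredump_mask value it would act on, 0 if not announced. */
static uint64_t consume(size_t usize, int gate)
{
    struct info u;
    memset(&u, 0xAA, sizeof(u));
    get_info(&u, usize, INFO_COREDUMP, gate);
    return (u.mask & INFO_COREDUMP) ? u.coredump_mask : 0;
}

int main(void)
{
    printf("ungated, VER0 buffer: %#llx\n", (unsigned long long)consume(SIZE_VER0, 0));
    printf("gated,   VER0 buffer: %#llx\n", (unsigned long long)consume(SIZE_VER0, 1));
    printf("gated,   VER1 buffer: %#llx\n", (unsigned long long)consume(SIZE_VER1, 1));
    return 0;
}
```

In the ungated case the caller acts on its own stale 0xAA bytes because the mask announced a field the copy never reached.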



Thread overview: 7+ messages
2026-04-20 13:32 Christian Brauner [this message]
2026-04-20 13:32 ` [PATCH 1/3] pidfs: fix PIDFD_THREAD flag loss when opening pidfds via file handles Christian Brauner
2026-04-20 15:39   ` Jan Kara
2026-04-20 13:32 ` [PATCH 2/3] pidfs: return -ENODATA from pidfs_xattr_get() when no xattrs exist Christian Brauner
2026-04-20 15:40   ` Jan Kara
2026-04-20 13:32 ` [PATCH 3/3] pidfs: don't report pidfd_info fields that won't fit in the user buffer Christian Brauner
2026-04-20 15:50   ` Jan Kara
