pidfs: when time ns disabled add check for ioctl

syzbot call pidfd_ioctl() with cmd "PIDFD_GET_TIME_NAMESPACE" and disabled
CONFIG_TIME_NS, since time_ns is NULL, it will make NULL ponter deref in
open_namespace.

Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors") # mainline only
Reported-and-tested-by: syzbot+34a0ee986f61f15da35d@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=34a0ee986f61f15da35d
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Link: https://lore.kernel.org/r/tencent_7FAE8DB725EE0DD69236DDABDDDE195E4F07@qq.com
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/pidfs.c b/fs/pidfs.c
index c9cb14181deff8d136e6e0aff6f3a8caa1ab1c3a..fe0ddab48f574d885a1cb6662a0ae616f79759fd 100644 (file)
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -168,6 +168,8 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
        case PIDFD_GET_TIME_NAMESPACE:
                get_time_ns(nsp->time_ns);
                ns_common = to_ns_common(nsp->time_ns);
+               if (!nsp->time_ns)
+                       return -EINVAL;
                break;
        case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE:
                get_time_ns(nsp->time_ns_for_children);