diff options
author | Alexey Gladkov <gladkov.alexey@gmail.com> | 2020-05-18 20:07:38 +0200 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2020-05-19 07:07:50 -0500 |
commit | 9d78edeaec759f997c303f286ecd39daee166f2a (patch) | |
tree | 2325279bb24196709e59a506cbf4f346c1e69a2b /fs/locks.c | |
parent | 2dd8083f6d8acd1371ccabedef1c9f1ad272a90d (diff) | |
download | lwn-9d78edeaec759f997c303f286ecd39daee166f2a.tar.gz lwn-9d78edeaec759f997c303f286ecd39daee166f2a.zip |
proc: proc_pid_ns takes super_block as an argument
syzbot found that
touch /proc/testfile
causes NULL pointer dereference at tomoyo_get_local_path()
because inode of the dentry is NULL.
Before c59f415a7cb6, Tomoyo received pid_ns from proc's s_fs_info
directly. Since proc_pid_ns() can only work with inode, using it in
the tomoyo_get_local_path() was wrong.
To avoid creating more functions for getting proc_ns, change the
argument type of the proc_pid_ns() function. Then, Tomoyo can use
the existing super_block to get pid_ns.
Link: https://lkml.kernel.org/r/0000000000002f0c7505a5b0e04c@google.com
Link: https://lkml.kernel.org/r/20200518180738.2939611-1-gladkov.alexey@gmail.com
Reported-by: syzbot+c1af344512918c61362c@syzkaller.appspotmail.com
Fixes: c59f415a7cb6 ("Use proc_pid_ns() to get pid_namespace from the proc superblock")
Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'fs/locks.c')
-rw-r--r-- | fs/locks.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/locks.c b/fs/locks.c index 399c5dbb72c4..ab702d6efb55 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2823,7 +2823,7 @@ static void lock_get_status(struct seq_file *f, struct file_lock *fl, { struct inode *inode = NULL; unsigned int fl_pid; - struct pid_namespace *proc_pidns = proc_pid_ns(file_inode(f->file)); + struct pid_namespace *proc_pidns = proc_pid_ns(file_inode(f->file)->i_sb); fl_pid = locks_translate_pid(fl, proc_pidns); /* @@ -2901,7 +2901,7 @@ static int locks_show(struct seq_file *f, void *v) { struct locks_iterator *iter = f->private; struct file_lock *fl, *bfl; - struct pid_namespace *proc_pidns = proc_pid_ns(file_inode(f->file)); + struct pid_namespace *proc_pidns = proc_pid_ns(file_inode(f->file)->i_sb); fl = hlist_entry(v, struct file_lock, fl_link); |