summaryrefslogtreecommitdiff
path: root/fs/nsfs.c
diff options
context:
space:
mode:
authorChristian Brauner <brauner@kernel.org>2025-02-19 17:40:28 +0100
committerChristian Brauner <brauner@kernel.org>2025-02-20 09:13:49 +0100
commit7fd511f8c911ab6ffb49357d5cd8ef493f28c921 (patch)
tree7532b184dae9cdb15114de48ae8ba8dfaa7ecdf5 /fs/nsfs.c
parent2014c95afecee3e76ca4a56956a936e23283f05b (diff)
nsfs: validate ioctls
Nsfs supports extensible and non-extensible ioctls. Validate both types to prevent confusion. Link: https://lore.kernel.org/r/20250219-work-nsfs-v1-1-21128d73c5e8@kernel.org Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org>
Diffstat (limited to 'fs/nsfs.c')
-rw-r--r--fs/nsfs.c32
1 files changed, 31 insertions, 1 deletions
diff --git a/fs/nsfs.c b/fs/nsfs.c
index 663f8656158d..1ab705bb9386 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -152,19 +152,49 @@ static int copy_ns_info_to_user(const struct mnt_namespace *mnt_ns,
return 0;
}
+static bool nsfs_ioctl_valid(unsigned int cmd)
+{
+ switch (cmd) {
+ case NS_GET_USERNS:
+ case NS_GET_PARENT:
+ case NS_GET_NSTYPE:
+ case NS_GET_OWNER_UID:
+ case NS_GET_MNTNS_ID:
+ case NS_GET_PID_FROM_PIDNS:
+ case NS_GET_TGID_FROM_PIDNS:
+ case NS_GET_PID_IN_PIDNS:
+ case NS_GET_TGID_IN_PIDNS:
+ return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));
+ }
+
+ /* Extensible ioctls require some extra handling. */
+ switch (_IOC_NR(cmd)) {
+ case _IOC_NR(NS_MNT_GET_INFO):
+ case _IOC_NR(NS_MNT_GET_NEXT):
+ case _IOC_NR(NS_MNT_GET_PREV):
+ return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));
+ }
+
+ return false;
+}
+
static long ns_ioctl(struct file *filp, unsigned int ioctl,
unsigned long arg)
{
struct user_namespace *user_ns;
struct pid_namespace *pid_ns;
struct task_struct *tsk;
- struct ns_common *ns = get_proc_ns(file_inode(filp));
+ struct ns_common *ns;
struct mnt_namespace *mnt_ns;
bool previous = false;
uid_t __user *argp;
uid_t uid;
int ret;
+ if (!nsfs_ioctl_valid(ioctl))
+ return -ENOIOCTLCMD;
+
+ ns = get_proc_ns(file_inode(filp));
switch (ioctl) {
case NS_GET_USERNS:
return open_related_ns(ns, ns_get_owner);
generated by cgit (git 2.34.1) at 2025-05-11 18:43:32 +0000