pidfs: check for valid ioctl commands

Prior to doing any work, check whether the provided ioctl command is
supported by pidfs.

Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/pidfs.c b/fs/pidfs.c
index cc773875e9e437fb0b20aac96164e74e423e9a57..fe10d2a126a2235406d200e2cc96317f62f87193 100644 (file)
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -264,6 +264,27 @@ static long pidfd_info(struct task_struct *task, unsigned int cmd, unsigned long
        return 0;
 }
 
+static bool pidfs_ioctl_valid(unsigned int cmd)
+{
+       switch (cmd) {
+       case FS_IOC_GETVERSION:
+       case PIDFD_GET_CGROUP_NAMESPACE:
+       case PIDFD_GET_INFO:
+       case PIDFD_GET_IPC_NAMESPACE:
+       case PIDFD_GET_MNT_NAMESPACE:
+       case PIDFD_GET_NET_NAMESPACE:
+       case PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE:
+       case PIDFD_GET_TIME_NAMESPACE:
+       case PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE:
+       case PIDFD_GET_UTS_NAMESPACE:
+       case PIDFD_GET_USER_NAMESPACE:
+       case PIDFD_GET_PID_NAMESPACE:
+               return true;
+       }
+
+       return false;
+}
+
 static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
        struct task_struct *task __free(put_task) = NULL;
@@ -272,6 +293,9 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
        struct ns_common *ns_common = NULL;
        struct pid_namespace *pid_ns;
 
+       if (!pidfs_ioctl_valid(cmd))
+               return -ENOIOCTLCMD;
+
        if (cmd == FS_IOC_GETVERSION) {
                if (!arg)
                        return -EINVAL;