>>
>> /* Get process information */
>> - task = find_get_task_by_vpid(pid);
>> + if (flags & PROCESS_VM_PIDFD)
>> + task = pidfd_get_task(pid, &f_flags);
>> + else
>> + task = find_get_task_by_vpid(pid);
>> +
>> if (!task) {
>> rc = -ESRCH;
>> goto free_proc_pages;
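Review bot: the `if (!task)` check immediately after the new branch does not cover the pidfd path, because pidfd_get_task() reports failure with an ERR_PTR() value rather than NULL, so an error pointer would pass the check and be handed to mm_access() and put_task_struct(). Suggest handling the error-pointer convention before the existing NULL check, e.g. `if (IS_ERR(task)) { rc = PTR_ERR(task); goto free_proc_pages; }`, and also pointing out in the changelog where `f_flags` is declared, since this hunk does not show it.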
>
> pidfd_get_task() returns ERR_PTR() on failure (e.g. ERR_PTR(-EBADF)),
> but the code checks "if (!task)" which only catches NULL. An invalid
> pidfd will cause mm_access() and put_task_struct() to dereference an
> error pointer, crashing the kernel.
Yes. Should we add proper selftests that exercise these code paths?
--
Cheers,
David