On 4/23/26 16:04, David Laight wrote:
> On Thu, 23 Apr 2026 14:52:26 +0200
> "David Hildenbrand (Arm)" <[email protected]> wrote:
>
>>>
>>> pidfd_get_task() returns ERR_PTR() on failure (e.g. ERR_PTR(-EBADF)),
>>> but the code checks "if (!task)" which only catches NULL. An invalid
>>> pidfd will cause mm_access() and put_task_struct() to dereference an
>>> error pointer, crashing the kernel.
>>
>> Yes. Should we add proper selftests that exercise these code paths?
>>

Just to clarify: I meant adding more tests to patch #2 that trigger the issue here.

>
> Probably worth checking what happens when a 64bit process tries to
> read high addresses of a 32bit process.
>

I guess these are a bit harder to write, but would certainly be useful.

--
Cheers,

David
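The NULL-versus-ERR_PTR confusion discussed in the thread, shown as a userland model (added example; this is not the kernel's err.h, the patch under review, or any code from the thread). The ERR_PTR/IS_ERR/PTR_ERR helpers below are a simplified reimplementation of the kernel's macros, `struct task` and `lookup_task()` are hypothetical stand-ins for task_struct and pidfd_get_task(), and the "buggy" checker reports where the kernel would dereference the error pointer instead of actually crashing:

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified reimplementation of the kernel's err.h helpers (assumption:
 * modelled on include/linux/err.h, not copied from it). An errno in
 * [-4095, -1] is encoded as a pointer in the top 4095 bytes of the
 * address space, so it is non-NULL but never a valid object. */
#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline bool IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical stand-in for struct task_struct. */
struct task { int pid; };
static struct task good_task = { .pid = 1234 };

/* Hypothetical lookup modelled on pidfd_get_task(): a valid pidfd yields
 * a task, an invalid one yields ERR_PTR(-EBADF), and NULL is never
 * returned, which is exactly why "if (!task)" cannot catch the failure. */
static struct task *lookup_task(int pidfd)
{
    if (pidfd < 0)
        return ERR_PTR(-EBADF);
    return &good_task;
}

/* Outcomes of the two checkers below. */
enum outcome { OK = 0, REJECTED = 1, WOULD_DEREF_ERR_PTR = 2 };

/* The buggy shape: "if (!task)" only catches NULL. An ERR_PTR falls
 * through; the IS_ERR() guard here stands in for the kernel oops. */
static enum outcome buggy_check(int pidfd)
{
    struct task *task = lookup_task(pidfd);
    if (!task)
        return REJECTED;
    if (IS_ERR(task))
        return WOULD_DEREF_ERR_PTR;  /* kernel: task->... faults here */
    return task->pid > 0 ? OK : REJECTED;
}

/* The correct shape: IS_ERR() recognises the encoded errno and PTR_ERR()
 * recovers it, so the caller can propagate -EBADF instead of crashing. */
static enum outcome correct_check(int pidfd, long *err)
{
    struct task *task = lookup_task(pidfd);
    if (IS_ERR(task)) {
        *err = PTR_ERR(task);
        return REJECTED;
    }
    *err = 0;
    return task->pid > 0 ? OK : REJECTED;
}

/* Convenience wrapper: the errno the correct checker would propagate. */
static long reject_errno(int pidfd)
{
    long err = 0;
    correct_check(pidfd, &err);
    return err;
}

int main(void)
{
    printf("buggy_check(-1)   -> %d (2 = would dereference ERR_PTR)\n",
           buggy_check(-1));
    printf("correct_check(-1) -> %d, errno %ld\n",
           correct_check(-1, &(long){0}), reject_errno(-1));
    return 0;
}
```

The same pattern applies to any kernel helper documented as returning ERR_PTR(): test with IS_ERR() (or IS_ERR_OR_NULL() where both are possible), never with a bare NULL check, and a selftest that passes an invalid pidfd is the cheapest way to catch a regression of this kind.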

