Re: [PATCH v2 1/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev

Next message: David Carlier: "[PATCH 1/2] mm/memfd_luo: reject memfds whose page count exceeds UINT_MAX"
Previous message: Mathieu Poirier: "Re: [PATCH v13 0/4] Enable Remote GPIO over RPMSG on i.MX Platform"
Next in thread: David Laight: "Re: [PATCH v2 1/2] mm/process_vm_access: pidfd and nowait support for process_vm_readv/writev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Hildenbrand (Arm)

Date: Thu Apr 23 2026 - 08:56:39 EST

>>
>> /* Get process information */
>> - task = find_get_task_by_vpid(pid);
>> + if (flags & PROCESS_VM_PIDFD)
>> + task = pidfd_get_task(pid, &f_flags);
>> + else
>> + task = find_get_task_by_vpid(pid);
>> +
>> if (!task) {
>> rc = -ESRCH;
>> goto free_proc_pages;
>
> pidfd_get_task() returns ERR_PTR() on failure (e.g. ERR_PTR(-EBADF)),
> but the code checks "if (!task)" which only catches NULL. An invalid
> pidfd will cause mm_access() and put_task_struct() to dereference an
> error pointer, crashing the kernel.

Yes. Should we add proper selftests that exercise these code paths?

--
Cheers,

David