[PATCH] Fix failure path in alloc_pid()

From: Matthew Wilcox
Date: Fri Dec 28 2018 - 10:22:40 EST

Next message: Julia Lawall: "[PATCH] scripts/coccinelle: check for redeclaration"
Previous message: PaweÅ Chmiel: "[PATCH v2 1/3] drm/exynos: rotator: Add support for s5pv210"
Next in thread: Linus Torvalds: "Re: [PATCH] Fix failure path in alloc_pid()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The failure path removes the allocated PIDs from the wrong namespace.
This could lead to us inadvertently reusing PIDs in the leaf namespace
and leaking PIDs in parent namespaces.

Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR API")
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Reviewed-by: Oleg Nesterov <oleg@xxxxxxxxxx>
---
kernel/pid.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/pid.c b/kernel/pid.c
index b2f6c506035da..20881598bdfac 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -233,8 +233,10 @@ struct pid *alloc_pid(struct pid_namespace *ns)

out_free:
spin_lock_irq(&pidmap_lock);
- while (++i <= ns->level)
- idr_remove(&ns->idr, (pid->numbers + i)->nr);
+ while (++i <= ns->level) {
+ upid = pid->numbers + i;
+ idr_remove(&upid->ns->idr, upid->nr);
+ }

/* On failure to allocate the first pid, reset the state */
if (ns->pid_allocated == PIDNS_ADDING)
--
2.19.2

Next message: Julia Lawall: "[PATCH] scripts/coccinelle: check for redeclaration"
Previous message: PaweÅ Chmiel: "[PATCH v2 1/3] drm/exynos: rotator: Add support for s5pv210"
Next in thread: Linus Torvalds: "Re: [PATCH] Fix failure path in alloc_pid()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]