[PATCH 1/4] pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers

From: Oleg Nesterov
Date: Sun Aug 10 2025 - 13:37:36 EST


task_pid_vnr(another_task) will crash if the caller was already reaped.
The pid_alive(current) check can't really help: the parent/debugger can
call release_task() right after this check.

This also means that even task_ppid_nr_ns(current, NULL) is not safe;
pid_alive() only ensures that it is safe to dereference ->real_parent.

Change __task_pid_nr_ns() to ensure ns != NULL.

Originally-by: 高翔 <gaoxiang17@xxxxxxxxxx>
Link: https://lore.kernel.org/all/20250802022123.3536934-1-gxxa03070307@xxxxxxxxx/
Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>
---
kernel/pid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/pid.c b/kernel/pid.c
index 8317bcbc7cf7..58d97a78f07e 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -514,7 +514,8 @@ pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
rcu_read_lock();
if (!ns)
ns = task_active_pid_ns(current);
- nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);
+ if (ns)
+ nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);
rcu_read_unlock();

return nr;
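Review bot: the new `if (ns)` guard leaves `nr` unassigned on the NULL path, so `return nr;` now silently depends on `nr` being initialised to 0 before the lines shown in this hunk; that initialisation is outside the visible context, so please double-check it is there, since otherwise the function would return an uninitialised value in exactly the reaped-caller case this patch is meant to fix. A short comment above the guard would also help readers, e.g. `/* task_active_pid_ns(current) is NULL once current has been reaped; return 0 */`, because the commit title says "ensure ns != NULL" while the actual behaviour change is "return 0 instead of dereferencing a NULL namespace when the caller was already released".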
--
2.25.1.362.g51ebf55