Merge tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux
Pull pidfd fixes from Christian Brauner:
 "This fixes two bugs:

  - The first one reported by Linus whereby the pidfd-metadata binary
    was not placed in a .gitignore file.

  - The second one is rather urgent and fixes a locking issue found by
    syzkaller.

    What happened is that during process creation we need to check
    whether the cgroup we are in allows us to fork. To perform this
    check the cgroup needs to guard itself against threadgroup changes
    and takes a lock.

    Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would
    also need to release said lock. That's not true anymore since
    CLONE_PIDFD so this is fixed here.

    Syzkaller has tested the patch and was not able to reproduce the
    issue"
* tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
fork: do not release lock that wasn't taken
samples: add .gitignore for pidfd-metadata
diff --git a/kernel/fork.c b/kernel/fork.c
index 5359fac..737db18 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2102,7 +2102,7 @@ static __latent_entropy struct task_struct *copy_process(
*/
retval = cgroup_can_fork(p);
if (retval)
- goto bad_fork_put_pidfd;
+ goto bad_fork_cgroup_threadgroup_change_end;
/*
* From this point on we must avoid any synchronous user-space
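Review bot: the retargeted `goto` on the `cgroup_can_fork()` failure path is only correct because the new label `bad_fork_cgroup_threadgroup_change_end` sits directly above `bad_fork_put_pidfd` and falls through to it, so the unwind order becomes: release the threadgroup change lock, close the pidfd, free the pid. That dependency on label ordering is not visible at this call site; a short comment above the `goto` (or in the comment block whose closing `*/` is the first context line of this hunk) saying that the threadgroup lock is held from here on would stop a later refactor from retargeting it back to `bad_fork_put_pidfd`.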
@@ -2217,11 +2217,12 @@ static __latent_entropy struct task_struct *copy_process(
spin_unlock(¤t->sighand->siglock);
write_unlock_irq(&tasklist_lock);
cgroup_cancel_fork(p);
+bad_fork_cgroup_threadgroup_change_end:
+ cgroup_threadgroup_change_end(current);
bad_fork_put_pidfd:
if (clone_flags & CLONE_PIDFD)
ksys_close(pidfd);
bad_fork_free_pid:
- cgroup_threadgroup_change_end(current);
if (pid != &init_struct_pid)
free_pid(pid);
bad_fork_cleanup_thread:
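Review bot: moving `cgroup_threadgroup_change_end(current)` out of `bad_fork_free_pid:` into the new label above `bad_fork_put_pidfd:` removes the unlock-without-lock for paths that reach `bad_fork_free_pid` before the lock is taken (the merge message says such paths exist since CLONE_PIDFD), but the hunk does not show the remaining `goto bad_fork_put_pidfd` and `goto bad_fork_free_pid` sites. Each of those should be checked to confirm it runs before `cgroup_threadgroup_change_begin()`; any that runs after it would now skip the unlock and leak the lock instead of double-releasing it. Separately, the `¤t` in the `spin_unlock(...)` context line is an HTML-entity rendering artifact of `&current` in the extracted page, not part of the change.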
diff --git a/samples/pidfd/.gitignore b/samples/pidfd/.gitignore
new file mode 100644
index 0000000..be52b3b
--- /dev/null
+++ b/samples/pidfd/.gitignore
@@ -0,0 +1 @@
+pidfd-metadata
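Review bot: the pattern `pidfd-metadata` is unanchored, so it also ignores any file of that name in subdirectories of samples/pidfd; anchoring it as `/pidfd-metadata` would limit the rule to the built binary at the top of that directory, which matches the intent stated in the merge message. Not a blocker for a one-line ignore file.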