diff options
| author | Matthew Wilcox <willy@infradead.org> | 2018-12-28 10:22:26 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-12-28 15:42:30 -0500 |
| commit | 1a80dade010c7a7f4885a4c4c2a7ac22cc7b34df (patch) | |
| tree | 95cc3a11b8292c2abeb81fecec48739e2390d087 /kernel/pid.c | |
| parent | 00c569b567c7f1f0da6162868fd02a9f29411805 (diff) | |
Fix failure path in alloc_pid()
The failure path removes the allocated PIDs from the wrong namespace.
This could lead to us inadvertently reusing PIDs in the leaf namespace
and leaking PIDs in parent namespaces.
Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/pid.c')
| -rw-r--r-- | kernel/pid.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/pid.c b/kernel/pid.c index b2f6c506035d..20881598bdfa 100644 --- a/kernel/pid.c +++ b/kernel/pid.c | |||
| @@ -233,8 +233,10 @@ out_unlock: | |||
| 233 | 233 | ||
| 234 | out_free: | 234 | out_free: |
| 235 | spin_lock_irq(&pidmap_lock); | 235 | spin_lock_irq(&pidmap_lock); |
| 236 | while (++i <= ns->level) | 236 | while (++i <= ns->level) { |
| 237 | idr_remove(&ns->idr, (pid->numbers + i)->nr); | 237 | upid = pid->numbers + i; |
| 238 | idr_remove(&upid->ns->idr, upid->nr); | ||
| 239 | } | ||
| 238 | 240 | ||
| 239 | /* On failure to allocate the first pid, reset the state */ | 241 | /* On failure to allocate the first pid, reset the state */ |
| 240 | if (ns->pid_allocated == PIDNS_ADDING) | 242 | if (ns->pid_allocated == PIDNS_ADDING) |