authorLinus Torvalds <torvalds@linux-foundation.org>2019-07-03 16:00:21 +0800
committerLinus Torvalds <torvalds@linux-foundation.org>2019-07-03 16:00:21 +0800
commit8d68d93255227da660c63b9162f7001e2f5d470a (patch)
tree259aadb2c5cc7263871132f27ef380a5c76a92d6
parent4b1fe9b58e9d20f23f6b07d1c2e0dbd921da67bf (diff)
parent28dd29c06d0dede4b32b2c559cff21955a830928 (diff)
Merge tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux
Pull pidfd fork() fix from Christian Brauner: "A single small fix for copy_process() in kernel/fork.c: With Al's removal of ksys_close() from cleanup paths in copy_process() a bug was introduced. When anon_inode_getfile() failed the cleanup was correctly performed but the error code was not propagated to callers of copy_process() causing them to operate on a nonsensical pointer. The fix is a simple one-liner which makes sure that a proper negative error code is returned from copy_process(). syzkaller has also verified that the bug is not reproducible with this fix" * tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux: fork: return proper negative error code
-rw-r--r--kernel/fork.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 61667909ce83..fe83343da24b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2036,6 +2036,7 @@ static __latent_entropy struct task_struct *copy_process(
O_RDWR | O_CLOEXEC);
if (IS_ERR(pidfile)) {
put_unused_fd(pidfd);
+ retval = PTR_ERR(pidfile);
goto bad_fork_free_pid;
}
get_pid(pid); /* held by pidfile now */
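Review bot: The added `retval = PTR_ERR(pidfile);` carries no comment explaining why it is required, and an uncommented one-line assignment in a cleanup branch is easy to lose in the next refactor of these error paths. Per the commit description, this branch previously reached `bad_fork_free_pid` without a negative error code, so callers received a pointer they treated as valid; what retval held at that point is set outside the hunk. I would put `/* bad_fork_* exits return retval to the caller: it must be a negative errno here */` directly above the assignment. copy_process() begins and ends outside the hunk, so whether any other `goto bad_fork_*` branch has the same gap cannot be confirmed from these lines.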