Re: [RFC] Fix failure path in alloc_pid()

From: Eric W. Biederman
Date: Wed Dec 19 2018 - 04:28:53 EST


Matthew Wilcox <willy@xxxxxxxxxxxxx> writes:

> The failure path removes the allocated PIDs from the wrong namespace.
> I believe this is correct, but have not tested it. Spotted by inspection,
> do we have a test suite for PID namespaces? Some error injection,
> perhaps?
>
> Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR API")
>
Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

> diff --git a/kernel/pid.c b/kernel/pid.c
> index b2f6c506035da..75264e0d1e71d 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -233,8 +233,11 @@ struct pid *alloc_pid(struct pid_namespace *ns)
>
> out_free:
> spin_lock_irq(&pidmap_lock);
> - while (++i <= ns->level)
> - idr_remove(&ns->idr, (pid->numbers + i)->nr);
> + upid = pid->numbers + i;
> + while (++i <= ns->level) {
> + upid++;
> + idr_remove(&upid->ns->idr, upid->nr);
> + }
>
> /* On failure to allocate the first pid, reset the state */
> if (ns->pid_allocated == PIDNS_ADDING)
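
Review bot: In the out_free loop, upid is seeded with pid->numbers + i before the loop and then advanced with upid++ next to ++i, so two cursors must stay in step for each number to be removed from the right namespace. Deriving it from the index inside the body, `upid = pid->numbers + i;` followed by `idr_remove(&upid->ns->idr, upid->nr);`, leaves a single counter and does not form a pointer from i before the loop condition has checked it. The changelog states the change is untested, so a one-line comment above the loop saying that each level is removed from its own upid->ns->idr would make the intent easy to verify on later reads.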