author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-03 16:00:21 +0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-07-03 16:00:21 +0800 |
commit | 8d68d93255227da660c63b9162f7001e2f5d470a (patch) | |
tree | 259aadb2c5cc7263871132f27ef380a5c76a92d6 | |
parent | 4b1fe9b58e9d20f23f6b07d1c2e0dbd921da67bf (diff) | |
parent | 28dd29c06d0dede4b32b2c559cff21955a830928 (diff) |
Merge tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull pidfd fork() fix from Christian Brauner:

"A single small fix for copy_process() in kernel/fork.c:

With Al's removal of ksys_close() from cleanup paths in copy_process()
a bug was introduced. When anon_inode_getfile() failed the cleanup was
correctly performed but the error code was not propagated to callers
of copy_process() causing them to operate on a nonsensical pointer.

The fix is a simple one-liner which makes sure that a proper negative
error code is returned from copy_process().

syzkaller has also verified that the bug is not reproducible with this
fix"

* tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  fork: return proper negative error code
-rw-r--r-- | kernel/fork.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index 61667909ce83..fe83343da24b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2036,6 +2036,7 @@ static __latent_entropy struct task_struct *copy_process( O_RDWR | O_CLOEXEC); if (IS_ERR(pidfile)) { put_unused_fd(pidfd); + retval = PTR_ERR(pidfile); goto bad_fork_free_pid; } get_pid(pid); /* held by pidfile now */ |
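Review bot: In the `if (IS_ERR(pidfile))` branch the fix depends on `retval` being assigned by hand right before `goto bad_fork_free_pid`, which is the same pattern that allowed the error code to be dropped when the cleanup path was reworked. The added `retval = PTR_ERR(pidfile);` is correct for this branch, but the other jumps to `bad_fork_free_pid` and neighbouring labels in copy_process() should be checked in the same pass to confirm each one sets `retval` to a negative errno first, since callers only detect failure through the returned pointer. A short comment on this branch noting that `retval` must be set before the jump, or a test that forces anon_inode_getfile() to fail, would keep a later cleanup refactor from reintroducing the bug that syzkaller caught.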