Fix failure path in alloc_pid()
The failure path removes the allocated PIDs from the wrong namespace.
This could lead to us inadvertently reusing PIDs in the leaf namespace
and leaking PIDs in parent namespaces.

Fixes: 95846ec ("pid: replace pid bitmap implementation with IDR API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Matthew Wilcox <willy@infradead.org>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matthew Wilcox authored and torvalds committed Dec 28, 2018
1 parent 00c569b commit 1a80dad
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions kernel/pid.c
Expand Up @@ -233,8 +233,10 @@ struct pid *alloc_pid(struct pid_namespace *ns)

out_free:
spin_lock_irq(&pidmap_lock);
while (++i <= ns->level)
idr_remove(&ns->idr, (pid->numbers + i)->nr);
while (++i <= ns->level) {
upid = pid->numbers + i;
idr_remove(&upid->ns->idr, upid->nr);
}

/* On failure to allocate the first pid, reset the state */
if (ns->pid_allocated == PIDNS_ADDING)
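
Review bot: the new loop body in out_free reads upid->ns for every level above i, so it is only correct if both the nr and ns fields of each pid->numbers entry were stored for those levels before the jump to out_free. That assignment is outside this hunk and is worth confirming, along with the declaration of upid, which the hunk uses but does not show. A one-line comment above the loop, saying that each number is removed from the IDR of the namespace it was allocated in, would guard against a regression to &ns->idr, particularly since the check just below still refers to ns->pid_allocated and the two uses of a namespace pointer sit only a few lines apart.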