Date:   Fri,  6 Mar 2020 11:23:14 -0600
Cc:     Corey Minyard <>,,
        Adrian Reber <>,
        Christian Brauner <>,
        Oleg Nesterov <>,
        Dmitry Safonov <>,
        Andrei Vagin <>
Subject: [PATCH v2] pid: Fix error return value in some cases

From: Corey Minyard <>

Recent changes to alloc_pid() allow the pid number to be specified on
the command line.  If set_tid_size is set, then the code scanning the
levels will hard-set retval to -EPERM, overriding its previous -ENOMEM

After the code scanning the levels, there are error returns that do not
set retval, assuming it is still set to -ENOMEM.

So set retval back to -ENOMEM after scanning the levels.

Fixes: 49cb2fc42ce4 "fork: extend clone3() to support setting a PID"
Signed-off-by: Corey Minyard <>
Cc: <> # 5.5
Cc: Adrian Reber <>
Cc: Christian Brauner <>
Cc: Oleg Nesterov <>
Cc: Dmitry Safonov <>
Cc: Andrei Vagin <>

Changes from v1:
  Just set retval to -ENOMEM before the gotos that would use it.

I do think that the second instance:

        if (!(ns->pid_allocated & PIDNS_ADDING))
                goto out_unlock;

is returning the wrong error value, but that's probably not a big
deal, and if it was fixed would probably need to be a separate change.

In the first instance, the error return values are almost all -ENOMEM,

 kernel/pid.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/pid.c b/kernel/pid.c
index 0f4ecb57214c..19645b25b77c 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -247,6 +247,8 @@ struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,
 		tmp = tmp->parent;
+	retval = -ENOMEM;
 	if (unlikely(is_child_reaper(pid))) {
 		if (pid_ns_prepare_proc(ns))
 			goto out_free;
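
Review bot: The `retval = -ENOMEM;` reset added after `tmp = tmp->parent;` has no comment, so the dependency of the following `goto out_free` on that value stays implicit, which is the same unstated assumption the commit message says the -EPERM assignment in the level scan broke. Add a one-line comment above the assignment stating that the scan may leave retval at another value and that the error exits below default to -ENOMEM, or set retval explicitly at each failure site. The return value of `pid_ns_prepare_proc(ns)` is also discarded at `goto out_free`, so any failure there is reported as -ENOMEM; if that is intended, the comment should say so.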
