| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250810173604.GA19991@redhat.com> Date: Sun, 10 Aug 2025 19:36:04 +0200 From: Oleg Nesterov <oleg@...hat.com> To: Andrew Morton <akpm@...ux-foundation.org>, Christian Brauner <brauner@...nel.org>, 高翔 <gaoxiang17@...omi.com> Cc: Al Viro <viro@...iv.linux.org.uk>, Mateusz Guzik <mjguzik@...il.com>, Xiang Gao <gxxa03070307@...il.com>, linux-kernel@...r.kernel.org Subject: [PATCH 1/4] pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers task_pid_vnr(another_task) will crash if the caller was already reaped. The pid_alive(current) check can't really help, the parent/debugger can call release_task() right after this check. This also means that even task_ppid_nr_ns(current, NULL) is not safe, pid_alive() only ensures that it is safe to dereference ->real_parent. Change __task_pid_nr_ns() to ensure ns != NULL. Originally-by: 高翔 <gaoxiang17@...omi.com> Link: https://lore.kernel.org/all/20250802022123.3536934-1-gxxa03070307@gmail.com/ Signed-off-by: Oleg Nesterov <oleg@...hat.com> --- kernel/pid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/pid.c b/kernel/pid.c index 8317bcbc7cf7..58d97a78f07e 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -514,7 +514,8 @@ pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, rcu_read_lock(); if (!ns) ns = task_active_pid_ns(current); - nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns); + if (ns) + nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns); rcu_read_unlock(); return nr; -- 2.25.1.362.g51ebf55
Powered by blists - more mailing lists