From: Linus Torvalds
Date: Fri, 10 Apr 2020 19:59:56 +0000 (-0700)
Subject: Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...
X-Git-Tag: v5.7-rc1~20
X-Git-Url: https://repo.jachan.dev/linux.git/commitdiff_plain/87ad46e601340394cd75c1c79b19ca906f82c543

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull proc fix from Eric Biederman:
 "A brown paper bag slipped through my proc changes, and syzkaller
  caught it when the code ended up in your tree. I have opted to fix it
  the simplest cleanest way I know how, so there is no reasonable chance
  for the bug to repeat"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  proc: Use a dedicated lock in struct pid

---
87ad46e601340394cd75c1c79b19ca906f82c543

diff --cc kernel/pid.c index bc21c0fb26d8,517d0855d4cf..c835b844aca7 --- a/kernel/pid.c +++ b/kernel/pid.c @@@ -244,18 -244,9 +244,19 @@@ struct pid *alloc_pid(struct pid_namesp tmp = tmp->parent; } + /* + * ENOMEM is not the most obvious choice especially for the case + * where the child subreaper has already exited and the pid + * namespace denies the creation of any new processes. But ENOMEM + * is what we have exposed to userspace for a long time and it is + * documented behavior for pid namespaces. So we can't easily + * change it even if there were an error code better suited. + */ + retval = -ENOMEM; + get_pid_ns(ns); refcount_set(&pid->count, 1); + spin_lock_init(&pid->lock); for (type = 0; type < PIDTYPE_MAX; ++type) INIT_HLIST_HEAD(&pid->tasks[type]);
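Review bot: the new `spin_lock_init(&pid->lock);` line in alloc_pid() has no comment saying what the dedicated lock protects or in what context it is taken, and the hunk gives a reader no other hint. A one-line comment here, or at the field's declaration in struct pid, would make the locking rule reviewable, for example naming the data it guards and whether it is taken with interrupts disabled. Placement looks right from the visible lines: the init sits with the other field setup (`refcount_set(&pid->count, 1)` and the `INIT_HLIST_HEAD(&pid->tasks[type])` loop). Since this is a merge resolution that interleaves it with the `retval = -ENOMEM` change from the other parent, it is worth confirming in the full function that no path can reach `pid->lock` before this line runs, and that every failure path after `retval = -ENOMEM` that should report a different error sets `retval` explicitly.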