On Wed, Apr 17, 2019 at 04:22:54PM +0200, Oleg Nesterov wrote:
> On 04/16, Christian Brauner wrote:
> >
> > + if (clone_flags & CLONE_PIDFD) {
> > + retval = pidfd_create(pid, &pidfdf);
> > + if (retval < 0)
> > + goto bad_fork_free_pid;
> > + pidfd = retval;
> > + }
>
> ...
>
> > + if (clone_flags & CLONE_PIDFD) {
> > + fd_install(pidfd, pidfdf);
> > + put_user(pidfd, parent_tidptr);
>
> put_user() can fail, I don't think this error should be silently ignored,
> this can lead to the hard-to-trigger/debug problems.
>
> Why can't we do put_user-with-check along with pidfd_create() above?
I've moved put_user() right were pidfd_create() is called but I think
then it makes sense to change pidfd_create() to also do the fd_install()
such that the following sequence creates the pidfd, installs it, and
calls put_user() and calls ksys_close() on error. Any objections Oleg?
+ if (clone_flags & CLONE_PIDFD) {
+ retval = pidfd_create(pid);
+ if (retval < 0)
+ goto bad_fork_free_pid;
+
+ pidfd = retval;
+ retval = put_user(pidfd, parent_tidptr);
+ if (retval)
+ goto bad_fork_put_pidfd;
+ }
Christian
