This is a note to let you know that I've just added the patch titled pidfd: Add missing sock updates for pidfd_getfd() to the 5.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: pidfd-add-missing-sock-updates-for-pidfd_getfd.patch and it can be found in the queue-5.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 4969f8a073977123504609d7310b42a588297aa4 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@xxxxxxxxxxxx> Date: Tue, 9 Jun 2020 16:21:38 -0700 Subject: pidfd: Add missing sock updates for pidfd_getfd() From: Kees Cook <keescook@xxxxxxxxxxxx> commit 4969f8a073977123504609d7310b42a588297aa4 upstream. The sock counting (sock_update_netprioidx() and sock_update_classid()) was missing from pidfd's implementation of received fd installation. Add a call to the new __receive_sock() helper. Cc: Christian Brauner <christian.brauner@xxxxxxxxxx> Cc: Christoph Hellwig <hch@xxxxxx> Cc: Sargun Dhillon <sargun@xxxxxxxxx> Cc: Jakub Kicinski <kuba@xxxxxxxxxx> Cc: netdev@xxxxxxxxxxxxxxx Cc: linux-kernel@xxxxxxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Fixes: 8649c322f75c ("pid: Implement pidfd_getfd syscall") Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/pid.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/kernel/pid.c +++ b/kernel/pid.c @@ -42,6 +42,7 @@ #include <linux/sched/signal.h> #include <linux/sched/task.h> #include <linux/idr.h> +#include <net/sock.h> struct pid init_struct_pid = { .count = REFCOUNT_INIT(1), @@ -624,10 +625,12 @@ static int pidfd_getfd(struct pid *pid, } ret = get_unused_fd_flags(O_CLOEXEC); - if (ret < 0) + if (ret < 0) { fput(file); - else + } else { + __receive_sock(file); fd_install(ret, file); + } return ret; } Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are queue-5.7/net-compat-add-missing-sock-updates-for-scm_rights.patch queue-5.7/pidfd-add-missing-sock-updates-for-pidfd_getfd.patch queue-5.7/selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch