From 35c9701ea717dc548f1fab5bfa286be98c1bade8 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 11 Apr 2025 15:22:44 +0200 Subject: exit: move wake_up_all() pidfd waiters into __unhash_process() Move the pidfd notification out of __change_pid() and into __unhash_process(). The only valid call to __change_pid() with a NULL argument and PIDTYPE_PID is from __unhash_process(). This is a lot more obvious than calling it from __change_pid(). Link: https://lore.kernel.org/20250411-work-pidfs-enoent-v2-1-60b2d3bb545f@kernel.org Reviewed-by: Oleg Nesterov Signed-off-by: Christian Brauner --- kernel/pid.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'kernel/pid.c') diff --git a/kernel/pid.c b/kernel/pid.c index 4ac2ce46817f..26f1e136f017 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -359,11 +359,6 @@ static void __change_pid(struct pid **pids, struct task_struct *task, hlist_del_rcu(&task->pid_links[type]); *pid_ptr = new; - if (type == PIDTYPE_PID) { - WARN_ON_ONCE(pid_has_task(pid, PIDTYPE_PID)); - wake_up_all(&pid->wait_pidfd); - } - for (tmp = PIDTYPE_MAX; --tmp >= 0; ) if (pid_has_task(pid, tmp)) return; -- cgit v1.2.3 From db56723ceaec87aa5cf871e623f464934b266228 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 6 May 2025 13:55:54 +0200 Subject: pidfs: detect refcount bugs Now that we have pidfs_{get,register}_pid() that needs to be paired with pidfs_put_pid() it's possible that someone pairs them with put_pid(). Thus freeing struct pid while it's still used by pidfs. Notice when that happens. I'll also add a scheme to detect invalid uses of pidfs_get_pid() and pidfs_put_pid() later. Link: https://lore.kernel.org/20250506-uferbereich-guttun-7c8b1a0a431f@brauner Signed-off-by: Christian Brauner --- kernel/pid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'kernel/pid.c') diff --git a/kernel/pid.c b/kernel/pid.c index 26f1e136f017..8317bcbc7cf7 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -100,6 +100,7 @@ void put_pid(struct pid *pid) ns = pid->numbers[pid->level].ns; if (refcount_dec_and_test(&pid->count)) { + WARN_ON_ONCE(pid->stashed); kmem_cache_free(ns->pid_cachep, pid); put_pid_ns(ns); } -- cgit v1.2.3