Unverified Commit abdfd494 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Christian Brauner
Browse files

pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers 



task_pid_vnr(another_task) will crash if the caller was already reaped.
The pid_alive(current) check can't really help, the parent/debugger can
call release_task() right after this check.

This also means that even task_ppid_nr_ns(current, NULL) is not safe,
pid_alive() only ensures that it is safe to dereference ->real_parent.

Change __task_pid_nr_ns() to ensure ns != NULL.

Originally-by: default avatar高翔 <gaoxiang17@xiaomi.com>
Link: https://lore.kernel.org/all/20250802022123.3536934-1-gxxa03070307@gmail.com/


Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
Link: https://lore.kernel.org/20250810173604.GA19991@redhat.com


Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 006568ab

kernel/pid.c

+2 −1
Original line number Diff line number Diff line
@@ -514,6 +514,7 @@ pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, 
	rcu_read_lock();

	if (!ns)

		ns = task_active_pid_ns(current);

	if (ns)

		nr = pid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);

	rcu_read_unlock();