Commit 467e9f4b5086a60a5cb2e032ccaf4a31abadc4c2
Committed by
Linus Torvalds
Linus Torvalds
1 parent
3e733f071e
Exists in
master
and in
4 other branches
fix create_new_namespaces() return value
dup_mnt_ns() and clone_uts_ns() return NULL on failure. This is wrong, create_new_namespaces() uses ERR_PTR() to catch an error. This means that the subsequent create_new_namespaces() will hit BUG_ON() in copy_mnt_ns() or copy_utsname(). Modify create_new_namespaces() to also use the errors returned by the copy_*_ns routines and not to systematically return ENOMEM. [oleg@tv-sign.ru: better changelog] Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Cc: Serge E. Hallyn <serue@us.ibm.com> Cc: Badari Pulavarty <pbadari@us.ibm.com> Cc: Pavel Emelianov <xemul@openvz.org> Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Showing 4 changed files with 28 additions and 15 deletions Side-by-side Diff
fs/namespace.c
| ... | ... | @@ -1451,7 +1451,7 @@ |
| 1451 | 1451 | |
| 1452 | 1452 | new_ns = kmalloc(sizeof(struct mnt_namespace), GFP_KERNEL); |
| 1453 | 1453 | if (!new_ns) |
| 1454 | - return NULL; | |
| 1454 | + return ERR_PTR(-ENOMEM); | |
| 1455 | 1455 | |
| 1456 | 1456 | atomic_set(&new_ns->count, 1); |
| 1457 | 1457 | INIT_LIST_HEAD(&new_ns->list); |
| ... | ... | @@ -1465,7 +1465,7 @@ |
| 1465 | 1465 | if (!new_ns->root) { |
| 1466 | 1466 | up_write(&namespace_sem); |
| 1467 | 1467 | kfree(new_ns); |
| 1468 | - return NULL; | |
| 1468 | + return ERR_PTR(-ENOMEM);; | |
| 1469 | 1469 | } |
| 1470 | 1470 | spin_lock(&vfsmount_lock); |
| 1471 | 1471 | list_add_tail(&new_ns->list, &new_ns->root->mnt_list); |
kernel/nsproxy.c
| ... | ... | @@ -58,30 +58,41 @@ |
| 58 | 58 | struct fs_struct *new_fs) |
| 59 | 59 | { |
| 60 | 60 | struct nsproxy *new_nsp; |
| 61 | + int err; | |
| 61 | 62 | |
| 62 | 63 | new_nsp = clone_nsproxy(tsk->nsproxy); |
| 63 | 64 | if (!new_nsp) |
| 64 | 65 | return ERR_PTR(-ENOMEM); |
| 65 | 66 | |
| 66 | 67 | new_nsp->mnt_ns = copy_mnt_ns(flags, tsk->nsproxy->mnt_ns, new_fs); |
| 67 | - if (IS_ERR(new_nsp->mnt_ns)) | |
| 68 | + if (IS_ERR(new_nsp->mnt_ns)) { | |
| 69 | + err = PTR_ERR(new_nsp->mnt_ns); | |
| 68 | 70 | goto out_ns; |
| 71 | + } | |
| 69 | 72 | |
| 70 | 73 | new_nsp->uts_ns = copy_utsname(flags, tsk->nsproxy->uts_ns); |
| 71 | - if (IS_ERR(new_nsp->uts_ns)) | |
| 74 | + if (IS_ERR(new_nsp->uts_ns)) { | |
| 75 | + err = PTR_ERR(new_nsp->uts_ns); | |
| 72 | 76 | goto out_uts; |
| 77 | + } | |
| 73 | 78 | |
| 74 | 79 | new_nsp->ipc_ns = copy_ipcs(flags, tsk->nsproxy->ipc_ns); |
| 75 | - if (IS_ERR(new_nsp->ipc_ns)) | |
| 80 | + if (IS_ERR(new_nsp->ipc_ns)) { | |
| 81 | + err = PTR_ERR(new_nsp->ipc_ns); | |
| 76 | 82 | goto out_ipc; |
| 83 | + } | |
| 77 | 84 | |
| 78 | 85 | new_nsp->pid_ns = copy_pid_ns(flags, tsk->nsproxy->pid_ns); |
| 79 | - if (IS_ERR(new_nsp->pid_ns)) | |
| 86 | + if (IS_ERR(new_nsp->pid_ns)) { | |
| 87 | + err = PTR_ERR(new_nsp->pid_ns); | |
| 80 | 88 | goto out_pid; |
| 89 | + } | |
| 81 | 90 | |
| 82 | 91 | new_nsp->user_ns = copy_user_ns(flags, tsk->nsproxy->user_ns); |
| 83 | - if (IS_ERR(new_nsp->user_ns)) | |
| 92 | + if (IS_ERR(new_nsp->user_ns)) { | |
| 93 | + err = PTR_ERR(new_nsp->user_ns); | |
| 84 | 94 | goto out_user; |
| 95 | + } | |
| 85 | 96 | |
| 86 | 97 | return new_nsp; |
| 87 | 98 | |
| ... | ... | @@ -99,7 +110,7 @@ |
| 99 | 110 | put_mnt_ns(new_nsp->mnt_ns); |
| 100 | 111 | out_ns: |
| 101 | 112 | kfree(new_nsp); |
| 102 | - return ERR_PTR(-ENOMEM); | |
| 113 | + return ERR_PTR(err); | |
| 103 | 114 | } |
| 104 | 115 | |
| 105 | 116 | /* |
kernel/user_namespace.c
| ... | ... | @@ -34,7 +34,7 @@ |
| 34 | 34 | |
| 35 | 35 | ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL); |
| 36 | 36 | if (!ns) |
| 37 | - return NULL; | |
| 37 | + return ERR_PTR(-ENOMEM); | |
| 38 | 38 | |
| 39 | 39 | kref_init(&ns->kref); |
| 40 | 40 | |
| ... | ... | @@ -45,7 +45,7 @@ |
| 45 | 45 | ns->root_user = alloc_uid(ns, 0); |
| 46 | 46 | if (!ns->root_user) { |
| 47 | 47 | kfree(ns); |
| 48 | - return NULL; | |
| 48 | + return ERR_PTR(-ENOMEM); | |
| 49 | 49 | } |
| 50 | 50 | |
| 51 | 51 | /* Reset current->user with a new one */ |
| ... | ... | @@ -53,7 +53,7 @@ |
| 53 | 53 | if (!new_user) { |
| 54 | 54 | free_uid(ns->root_user); |
| 55 | 55 | kfree(ns); |
| 56 | - return NULL; | |
| 56 | + return ERR_PTR(-ENOMEM); | |
| 57 | 57 | } |
| 58 | 58 | |
| 59 | 59 | switch_uid(new_user); |
kernel/utsname.c
| ... | ... | @@ -13,6 +13,7 @@ |
| 13 | 13 | #include <linux/uts.h> |
| 14 | 14 | #include <linux/utsname.h> |
| 15 | 15 | #include <linux/version.h> |
| 16 | +#include <linux/err.h> | |
| 16 | 17 | |
| 17 | 18 | /* |
| 18 | 19 | * Clone a new ns copying an original utsname, setting refcount to 1 |
| ... | ... | @@ -24,10 +25,11 @@ |
| 24 | 25 | struct uts_namespace *ns; |
| 25 | 26 | |
| 26 | 27 | ns = kmalloc(sizeof(struct uts_namespace), GFP_KERNEL); |
| 27 | - if (ns) { | |
| 28 | - memcpy(&ns->name, &old_ns->name, sizeof(ns->name)); | |
| 29 | - kref_init(&ns->kref); | |
| 30 | - } | |
| 28 | + if (!ns) | |
| 29 | + return ERR_PTR(-ENOMEM); | |
| 30 | + | |
| 31 | + memcpy(&ns->name, &old_ns->name, sizeof(ns->name)); | |
| 32 | + kref_init(&ns->kref); | |
| 31 | 33 | return ns; |
| 32 | 34 | } |
| 33 | 35 |