Matthew Wilcox <wi...@infradead.org> writes: > The failure path removes the allocated PIDs from the wrong namespace. > I believe this is correct, but have not tested it. Spotted by inspection, > do we have a test suite for PID namespaces? Some error injection, > perhaps? > > Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR API") > Acked-by: "Eric W. Biederman" <ebied...@xmission.com>
> diff --git a/kernel/pid.c b/kernel/pid.c > index b2f6c506035da..75264e0d1e71d 100644 > --- a/kernel/pid.c > +++ b/kernel/pid.c > @@ -233,8 +233,11 @@ struct pid *alloc_pid(struct pid_namespace *ns) > > out_free: > spin_lock_irq(&pidmap_lock); > - while (++i <= ns->level) > - idr_remove(&ns->idr, (pid->numbers + i)->nr); > + upid = pid->numbers + i; > + while (++i <= ns->level) { > + upid++; > + idr_remove(&upid->ns->idr, upid->nr); > + } > > /* On failure to allocate the first pid, reset the state */ > if (ns->pid_allocated == PIDNS_ADDING)