pidfs: fix pidfs_free_pid()

Ensure that we handle the case where task creation fails and pid->attr
was never accessed at all.

Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/pidfs.c b/fs/pidfs.c
index ba526fdd4c4d6cb82397268c55bdf8b9daf0e0a2..47f5f9e0bdffa5fcd8a977d20dc10abef11ba228 100644 (file)
--- a/fs/pidfs.c
+++ b/fs/pidfs.c
@@ -150,18 +150,20 @@ void pidfs_free_pid(struct pid *pid)
         */
        VFS_WARN_ON_ONCE(pid->stashed);
 
-       if (IS_ERR(attr))
-               return;
-
        /*
-        * Any dentry must've been wiped from the pid by now. Otherwise
-        * there's a reference count bug.
+        * This if an error occurred during e.g., task creation that
+        * causes us to never go through the exit path.
         */
-       VFS_WARN_ON_ONCE(pid->stashed);
+       if (unlikely(!attr))
+               return;
+
+       /* This never had a pidfd created. */
+       if (IS_ERR(attr))
+               return;
 
-       xattrs = attr->xattrs;
+       xattrs = no_free_ptr(attr->xattrs);
        if (xattrs)
-               simple_xattrs_free(attr->xattrs, NULL);
+               simple_xattrs_free(xattrs, NULL);
 }
 
 #ifdef CONFIG_PROC_FS