From: Christian Brauner Date: Mon, 23 Jun 2025 12:50:30 +0000 (+0200) Subject: pidfs: fix pidfs_free_pid() X-Git-Tag: block-6.17-20250808~55^2~4 X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=f077638b5f19080b877fd4cd15fc00558669aa6d;p=linux-block.git pidfs: fix pidfs_free_pid() Ensure that we handle the case where task creation fails and pid->attr was never accessed at all. Signed-off-by: Christian Brauner --- diff --git a/fs/pidfs.c b/fs/pidfs.c index ba526fdd4c4d..47f5f9e0bdff 100644 --- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -150,18 +150,20 @@ void pidfs_free_pid(struct pid *pid) */ VFS_WARN_ON_ONCE(pid->stashed); - if (IS_ERR(attr)) - return; - /* - * Any dentry must've been wiped from the pid by now. Otherwise - * there's a reference count bug. + * This if an error occurred during e.g., task creation that + * causes us to never go through the exit path. */ - VFS_WARN_ON_ONCE(pid->stashed); + if (unlikely(!attr)) + return; + + /* This never had a pidfd created. */ + if (IS_ERR(attr)) + return; - xattrs = attr->xattrs; + xattrs = no_free_ptr(attr->xattrs); if (xattrs) - simple_xattrs_free(attr->xattrs, NULL); + simple_xattrs_free(xattrs, NULL); } #ifdef CONFIG_PROC_FS
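Review bot: the new comment above `if (unlikely(!attr))` is missing its verb ("This if an error occurred during e.g., task creation"). Something like "This happens if an error occurred during e.g. task creation and we never went through the exit path" would read correctly and match the commit message. Two smaller points in the same hunk: `xattrs = no_free_ptr(attr->xattrs)` is applied to a struct member rather than to a `__free()`-annotated local, so a short comment saying the intent is to clear `attr->xattrs` before the list is freed would help the next reader. The `!attr` and `IS_ERR(attr)` early returns are kept as two separate checks, which is fine given that each one documents a distinct state, but the second comment ("This never had a pidfd created.") could say which sentinel value marks that state. The subject says "fix" but the message carries no Fixes: tag, so naming the commit that introduced the unhandled NULL case would make backport decisions easier.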