[PATCH openEuler-1.0-LTS] pid: fix return value when copy_process() failed
hulk inclusion category: bugfix bugzilla: 182255 CVE: NA ------------------------------------------------- When allocating futex_exit_mutex fails in copy_process(), it needs return an error code, or it will lead a null-ptr-deref when it's used in get_task_pid(). Fixes: 04d0e96b230ac ("futex: sched: fix kabi broken in task_struct") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: Cheng Jian <cj.chengjian@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- kernel/fork.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index b4fee9799c153..adc8fc99246fb 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2000,8 +2000,10 @@ static __latent_entropy struct task_struct *copy_process( #endif futex_init_task(p); p->futex_exit_mutex = kmalloc(sizeof(struct mutex), GFP_KERNEL); - if (!p->futex_exit_mutex) + if (!p->futex_exit_mutex) { + retval = -ENOMEM; goto bad_fork_free_pid; + } mutex_init(p->futex_exit_mutex); /* -- 2.25.1
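Review bot: In the kernel/fork.c hunk at the `if (!p->futex_exit_mutex)` branch, setting `retval = -ENOMEM;` before `goto bad_fork_free_pid;` addresses the failure case the commit message describes, but the hunk does not show where `p->futex_exit_mutex` is released. Please confirm that every error label reached after this kmalloc() succeeds frees the mutex, otherwise a later failure in copy_process() leaks it. The commit message would also be easier to audit if it stated what value `retval` held at this point before the fix, since that is what let the caller treat the failed fork as a success and reach get_task_pid() with a bad pointer. Minor: the trailer block carries `Signed-off-by: Yang Yingliang` twice; drop the duplicate.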