On Wed, Feb 25, 2026 at 5:33 AM Pavel Tikhomirov <[email protected]> wrote:
>
> This moves the condition (tid != 1 && !tmp->child_reaper) to after idr
> alloc, so it not only covers that the first process in a pid namespace has pid
> 1 in case of clone3(set_tid) requesting a wrong pid, but also if idr
> itself gives a wrong pid for some reason.
>
> This could've been the case before this patch: when creating the first
> process the alloc_pid()->pidfs_add_pid() code path fails, so that
> idr->idr_next is not zero anymore and the next process calling
> alloc_pid() will get 2 as a pid from idr_alloc_cyclic(). Though thanks
> to the PIDNS_ADDING logic, free_pid() disables further pid allocation in
> this case and it does not lead to any real problem.
>
> Note: This is also a preparation for the next patch in the series, which
> will introduce the ability to create init from a task different from
> the task which had created the pid namespace. Needed to make sure that
> init is always first, even in this new case.
>
> Suggested-by: Oleg Nesterov <[email protected]>
> Signed-off-by: Oleg Nesterov <[email protected]>
> Signed-off-by: Pavel Tikhomirov <[email protected]>
Acked-by: Andrei Vagin <[email protected]>

Thanks,
Andrei