for-linus-20190701

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE7btrcuORLb1XUhEwjrBW1T7ssS0FAl0aKR4ACgkQjrBW1T7s
 sS2kNhAAqjjTGNHdFLIPP35dDH+e/6xPVQIfteIQXHfus8QyKVDiNdvIMfCsdqEk
 Igm+7gx+LXBmDEpC7gb6ezr8onpvddy5pQYbjOGsQY9rYuvogzPy2K3HRDGqZuLX
 Ze8joMjgk052m0i+N9OSsOP1odScnlgu5HrI2qaT0H5xX1vSmDH07rDIuUkBT0HK
 A8eqGvU6Is34gJMCsalF+BcqEu0ce07hbr2gp+WHYyaa78u0gkTYh6DlMJRLKZQX
 Nj427EViXgvOSUDLk9/7rQc5ZUIgDfxDcw67eqnQeD9gQ72wg3YW2RtlLhjhkaNP
 8uZjeEltb3+ZOz/SiNJ66cetmD+khwSfIxFz5KCiOlVTqRiJK9XJp75V3t438YxF
 ih9aIrkl0GrWE+k4MBI/OQJqEx1I/o256OjwhB7/lfMMDePgSXeI7BCTqd6gK9go
 TqgAm4n3fWP2PN7gR752Dm4DGT551BeyiijUIuWAdS9CFWb1O5Vf8uk+XYT8TKM0
 7grGfBMqN/95jB0l8R+SnPGkQ6n4rEkDaYam75yPxW2aF3X2CQaCKt6xJZR6qOdz
 HGRiQ0Qcd3emPX2SYy/9EloT/URez6y7zsZeUYqhoF3XZCYUtcfhAbD1zZxHCG4e
 0gPJe+cBbLtUdqDpf+KJY8X6Mes+738UcMFU+Cs9tSTC2luGOMI=
 =Keym
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux

Pull pidfd fork() fix from Christian Brauner:
 "A single small fix for copy_process() in kernel/fork.c:

  With Al's removal of ksys_close() from cleanup paths in copy_process()
  a bug was introduced. When anon_inode_getfile() failed the cleanup was
  correctly performed but the error code was not propagated to callers
  of copy_process() causing them to operate on a nonsensical pointer.

  The fix is a simple on-liner which makes sure that a proper negative
  error code is returned from copy_process().

  syzkaller has also verified that the bug is not reproducible with this
  fix"

* tag 'for-linus-20190701' of git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux:
  fork: return proper negative error code

kernel/fork.c

@@ -2036,6 +2036,7 @@ static __latent_entropy struct task_struct *copy_process(
 					      O_RDWR | O_CLOEXEC);
 		if (IS_ERR(pidfile)) {
 			put_unused_fd(pidfd);
+			retval = PTR_ERR(pidfile);
 			goto bad_fork_free_pid;
 		}
 		get_pid(pid);	/* held by pidfile now */