pidfs: fix pidfs_free_pid()

Ensure that we handle the case where task creation fails and pid->attr
was never accessed at all.

Signed-off-by: Christian Brauner <[email protected]>

Author: brauner

fs/pidfs.c

@@ -150,18 +150,20 @@ void pidfs_free_pid(struct pid *pid)
 	 */
 	VFS_WARN_ON_ONCE(pid->stashed);
 
-	if (IS_ERR(attr))
-		return;
-
 	/*
-	 * Any dentry must've been wiped from the pid by now. Otherwise
-	 * there's a reference count bug.
+	 * This if an error occurred during e.g., task creation that
+	 * causes us to never go through the exit path.
 	 */
-	VFS_WARN_ON_ONCE(pid->stashed);
+	if (unlikely(!attr))
+		return;
+
+	/* This never had a pidfd created. */
+	if (IS_ERR(attr))
+		return;
 
-	xattrs = attr->xattrs;
+	xattrs = no_free_ptr(attr->xattrs);
 	if (xattrs)
-		simple_xattrs_free(attr->xattrs, NULL);
+		simple_xattrs_free(xattrs, NULL);
 }
 
 #ifdef CONFIG_PROC_FS