coredump: fix error handling for replace_fd()

commit 95c5f43181fe9c1b5e5a4bd3281c857a5259991f upstream.

The replace_fd() helper returns the file descriptor number on success
and a negative error code on failure. The current error handling in
umh_pipe_setup() only works because the file descriptor that is replaced
is zero but that's pretty volatile. Explicitly check for a negative
error code.

Link: https://lore.kernel.org/20250414-work-coredump-v2-2-685bf231f828@kernel.org
Tested-by: Luca Boccassi <luca.boccassi@gmail.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/coredump.c b/fs/coredump.c
index 4ebec51fe4f22afa062f66ded8858a7ca9d04f14..e2a9234473766c4d3ca96a9d69d316967c724d8d 100644 (file)
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -507,7 +507,9 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 {
        struct file *files[2];
        struct coredump_params *cp = (struct coredump_params *)info->data;
-       int err = create_pipe_files(files, 0);
+       int err;
+
+       err = create_pipe_files(files, 0);
        if (err)
                return err;
 
@@ -515,10 +517,13 @@ static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 
        err = replace_fd(0, files[0], 0);
        fput(files[0]);
+       if (err < 0)
+               return err;
+
        /* and disallow core files too */
        current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};
 
-       return err;
+       return 0;
 }
 
 void do_coredump(const kernel_siginfo_t *siginfo)