From d9565182fdf343312aade7e1b95bf5f2ba7f89f9 Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Mon, 17 Aug 2020 21:30:49 +0000
Subject: [PATCH] Remove "emulation" of clone(CLONE_PARENT | CLONE_THREAD).

On Linux this is supposed to result in EINVAL.

Reported by:	syzkaller
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
---
 sys/compat/linux/linux_fork.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sys/compat/linux/linux_fork.c b/sys/compat/linux/linux_fork.c
index 0c772ea5cb4..b46266c861f 100644
--- a/sys/compat/linux/linux_fork.c
+++ b/sys/compat/linux/linux_fork.c
@@ -244,6 +244,8 @@ linux_clone_thread(struct thread *td, struct linux_clone_args *args)
 	    td->td_tid, (unsigned)args->flags,
 	    args->parent_tidptr, args->child_tidptr);
 
+	if ((args->flags & LINUX_CLONE_PARENT) != 0)
+		return (EINVAL);
 	if (args->flags & LINUX_CLONE_PARENT_SETTID)
 		if (args->parent_tidptr == NULL)
 			return (EINVAL);
@@ -304,13 +306,9 @@ linux_clone_thread(struct thread *td, struct linux_clone_args *args)
 
 	PROC_LOCK(p);
 	p->p_flag |= P_HADTHREADS;
+	thread_link(newtd, p);
 	bcopy(p->p_comm, newtd->td_name, sizeof(newtd->td_name));
 
-	if (args->flags & LINUX_CLONE_PARENT)
-		thread_link(newtd, p->p_pptr);
-	else
-		thread_link(newtd, p);
-
 	thread_lock(td);
 	/* let the scheduler know about these things. */
 	sched_fork_thread(td, newtd);