> From: Mike Rapoport <rppt@xxxxxxxxxxxxxxxxxx>
>
> We have a memleak in the ->new ctx if the uffd of the parent is closed
> before the fork event is read, nothing frees the new context.
>
> Reported-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>

I think Signed-off-by: Mike Rapoport <rppt@xxxxxxxxxxxxxxxxxx> would be appropriate here.

> Signed-off-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> ---
> fs/userfaultfd.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index d2f15a6..5087a69 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -548,6 +548,15 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx,
> if (ACCESS_ONCE(ctx->released) ||
> fatal_signal_pending(current)) {
> __remove_wait_queue(&ctx->event_wqh, &ewq->wq);
> + if (ewq->msg.event == UFFD_EVENT_FORK) {
> + struct userfaultfd_ctx *new;
> +
> + new = (struct userfaultfd_ctx *)
> + (unsigned long)
> + ewq->msg.arg.reserved.reserved1;
> +
> + userfaultfd_ctx_put(new);
> + }
> break;
> }
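Review bot: the new UFFD_EVENT_FORK branch in the released/fatal-signal path drops a reference without saying whose reference it is; please add a comment above `if (ewq->msg.event == UFFD_EVENT_FORK) {` stating that `reserved1` carries the child's userfaultfd_ctx pointer that was stashed when the fork event was queued, and that the `userfaultfd_ctx_put(new)` here releases the reference a reader of the event would otherwise have taken over, since no reader will ever consume the message once `ctx->released` is set or a fatal signal is pending. The place where the pointer is stored into `reserved1` is not in this hunk, so the comment should also name that function so the two sides of the ownership hand-off can be kept in sync, and it is worth making explicit that other event types that reach this path carry no owned reference and are correctly left alone. A minor style point on the same lines: the cast chain `(struct userfaultfd_ctx *)(unsigned long) ewq->msg.arg.reserved.reserved1` is split across three lines; putting it on one line, or factoring the u64-to-pointer conversion into a small helper shared with the store side, would make the pairing obvious to the next reader.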