Hello Eric,
On Sun, Sep 13, 2015 at 06:57:27PM -0500, Eric Biggers wrote:
> Signed-off-by: Eric Biggers <ebiggers3@xxxxxxxxx>
> ---
> fs/userfaultfd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 634e676..f9aeb40 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1287,8 +1287,10 @@ static struct file *userfaultfd_file_create(int flags)
>
> file = anon_inode_getfile("[userfaultfd]", &userfaultfd_fops, ctx,
> O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
> - if (IS_ERR(file))
> + if (IS_ERR(file)) {
> + mmput(ctx->mm);
> kmem_cache_free(userfaultfd_ctx_cachep, ctx);
> + }
> out:
> return file;
> }
This bug would have generated a memleak in the error code path (which
could only run if running out of files or memory, unfortunately not a
condition that gets routinely exercised).
It's great you spotted it now, we can fix it before final 4.3. I'll
forward it to Andrew to be sure it's not missed.
Thanks,
Andrea
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>