[PATCH] fix fdset leakage

When found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size. Found due to OpenVZ resource management (User Beancounters). Signed-off-by: N Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: N Kirill Korotaev <dev@openvz.org> Cc: <stable@kernel.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] fix fdset leakage
When found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size. Found due to OpenVZ resource management (User Beancounters). Signed-off-by: N Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: N Kirill Korotaev <dev@openvz.org> Cc: <stable@kernel.org> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
d579091b · Kirill Korotaev · Linus Torvalds · abf75a50 · d579091b
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

fs/file.c fs/file.c +3 -1

未找到文件。
--- a/fs/file.c
+++ b/fs/file.c
@@ -273,11 +273,13 @@ static struct fdtable *alloc_fdtable(int nr)
 	} while (nfds <= nr);
 	new_fds = alloc_fd_array(nfds);
 	if (!new_fds)
-		goto out;
+		goto out2;
 	fdt->fd = new_fds;
 	fdt->max_fds = nfds;
 	fdt->free_files = NULL;
 	return fdt;
+out2:
+	nfds = fdt->max_fdset;
 out:
  	if (new_openset)
  		free_fdset(new_openset, nfds);