[PATCH] userfaultfd: add missing mmput() in error path

[PATCH] userfaultfd: add missing mmput() in error path

[Eric Biggers]

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
---
 fs/userfaultfd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 634e676..f9aeb40 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1287,8 +1287,10 @@ static struct file *userfaultfd_file_create(int flags)
 
 	file = anon_inode_getfile("[userfaultfd]", &userfaultfd_fops, ctx,
 				  O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
-	if (IS_ERR(file))
+	if (IS_ERR(file)) {
+		mmput(ctx->mm);
 		kmem_cache_free(userfaultfd_ctx_cachep, ctx);
+	}
 out:
 	return file;
 }
-- 
2.4.3

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

Re: [PATCH] userfaultfd: add missing mmput() in error path

[Andrea Arcangeli]

Hello Eric,

On Sun, Sep 13, 2015 at 06:57:27PM -0500, Eric Biggers wrote:
> Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
> ---
>  fs/userfaultfd.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
> index 634e676..f9aeb40 100644
> --- a/fs/userfaultfd.c
> +++ b/fs/userfaultfd.c
> @@ -1287,8 +1287,10 @@ static struct file *userfaultfd_file_create(int flags)
>  
>  	file = anon_inode_getfile("[userfaultfd]", &userfaultfd_fops, ctx,
>  				  O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
> -	if (IS_ERR(file))
> +	if (IS_ERR(file)) {
> +		mmput(ctx->mm);
>  		kmem_cache_free(userfaultfd_ctx_cachep, ctx);
> +	}
>  out:
>  	return file;
>  }

This bug would have generated a memleak in the error code path (which
could only run if running out of files or memory, unfortunately not a
condition that gets routinely exercised).

It's great you spotted it now, we can fix it before final 4.3. I'll
forward it to Andrew to be sure it's not missed.

Thanks,
Andrea

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

[PATCH] userfaultfd: add missing mmput() in error path

[Andrea Arcangeli]

From: Eric Biggers <ebiggers3@gmail.com>

This fixes a memleak if anon_inode_getfile() fails in userfaultfd().

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
---
 fs/userfaultfd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index 634e676..f9aeb40 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1287,8 +1287,10 @@ static struct file *userfaultfd_file_create(int flags)
 
 	file = anon_inode_getfile("[userfaultfd]", &userfaultfd_fops, ctx,
 				  O_RDWR | (flags & UFFD_SHARED_FCNTL_FLAGS));
-	if (IS_ERR(file))
+	if (IS_ERR(file)) {
+		mmput(ctx->mm);
 		kmem_cache_free(userfaultfd_ctx_cachep, ctx);
+	}
 out:
 	return file;
 }

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>