From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-Id: <20120518211601.660505524@linuxfoundation.org> Date: Fri, 18 May 2012 14:16:23 -0700 From: Greg KH To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk, Mike Galbraith , Oleg Nesterov , "Eric W. Biederman" , Pavel Emelyanov , Cyrill Gorcunov , Louis Rilling Subject: [ 24/54] namespaces, pid_ns: fix leakage on fork() failure In-Reply-To: <20120518212656.GA4992@kroah.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.0-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mike Galbraith commit 5e2bf0142231194d36fdc9596b36a261ed2b9fe7 upstream. Fork() failure post namespace creation for a child cloned with CLONE_NEWPID leaks pid_namespace/mnt_cache due to proc being mounted during creation, but not unmounted during cleanup. Call pid_ns_release_proc() during cleanup. Signed-off-by: Mike Galbraith Acked-by: Oleg Nesterov Reviewed-by: "Eric W. Biederman" Cc: Pavel Emelyanov Cc: Cyrill Gorcunov Cc: Louis Rilling Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- kernel/fork.c | 3 +++ 1 file changed, 3 insertions(+) --- a/kernel/fork.c +++ b/kernel/fork.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include @@ -1378,6 +1379,8 @@ bad_fork_cleanup_io: if (p->io_context) exit_io_context(p); bad_fork_cleanup_namespaces: + if (unlikely(clone_flags & CLONE_NEWPID)) + pid_ns_release_proc(p->nsproxy->pid_ns); exit_task_namespaces(p); bad_fork_cleanup_mm: if (p->mm) {