Commit d579091b authored Jul 12, 2006 by Kirill Korotaev Committed by Linus Torvalds Jul 12, 2006

[PATCH] fix fdset leakage



When found, it is obvious.  nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.

Found due to OpenVZ resource management (User Beancounters).

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent abf75a50

fs/file.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -273,11 +273,13 @@ static struct fdtable *alloc_fdtable(int nr)
		} while (nfds <= nr);
		new_fds = alloc_fd_array(nfds);
		if (!new_fds)
		goto out;
		goto out2;
		fdt->fd = new_fds;
		fdt->max_fds = nfds;
		fdt->free_files = NULL;
		return fdt;
		out2:
		nfds = fdt->max_fdset;
		out:
		if (new_openset)
		free_fdset(new_openset, nfds);