aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKirill Korotaev <dev@openvz.org>2006-07-12 12:03:05 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-07-12 15:52:54 -0400
commitd579091b4385e9386e244622d593fe064aa8e8e7 (patch)
treeb1fc0f3fef38d7580dc6bdf3b1842534126deda6
parentabf75a5033d4da7b8a7e92321d74021d1fcfb502 (diff)
[PATCH] fix fdset leakage
When found, it is obvious. nfds calculated when allocating fdsets is rewritten by calculation of size of fdtable, and when we are unlucky, we try to free fdsets of wrong size. Found due to OpenVZ resource management (User Beancounters). Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: Kirill Korotaev <dev@openvz.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/file.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/file.c b/fs/file.c
index 3f356086061d..c8f1b0af8e00 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -273,11 +273,13 @@ static struct fdtable *alloc_fdtable(int nr)
273 } while (nfds <= nr); 273 } while (nfds <= nr);
274 new_fds = alloc_fd_array(nfds); 274 new_fds = alloc_fd_array(nfds);
275 if (!new_fds) 275 if (!new_fds)
276 goto out; 276 goto out2;
277 fdt->fd = new_fds; 277 fdt->fd = new_fds;
278 fdt->max_fds = nfds; 278 fdt->max_fds = nfds;
279 fdt->free_files = NULL; 279 fdt->free_files = NULL;
280 return fdt; 280 return fdt;
281out2:
282 nfds = fdt->max_fdset;
281out: 283out:
282 if (new_openset) 284 if (new_openset)
283 free_fdset(new_openset, nfds); 285 free_fdset(new_openset, nfds);