diff options
| author | Lee Schermerhorn <Lee.Schermerhorn@hp.com> | 2010-06-29 18:05:30 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-06-29 18:29:31 -0400 |
| commit | 5c0c165490e763eddcbb0b6c8c41ab5cc11ddea0 (patch) | |
| tree | 729ad93071eaf065e7dfb7c7d94b0207b2eced8e /mm | |
| parent | 56480287f9776adc5b1a7a335ef62a9b9879ad7f (diff) | |
mempolicy: fix dangling reference to tmpfs superblock mpol
My patch to "Factor out duplicate put/frees in mpol_shared_policy_init()
to a common return path"; and Dan Carpenter's fix thereto both left a
dangling reference to the incoming tmpfs superblock mempolicy structure.
A similar leak was introduced earlier when the nodemask was moved offstack
to the scratch area despite the note in the comment block regarding the
incoming ref.
Move the remaining 'put of the incoming "mpol" to the common exit path to
drop the reference.
Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
Acked-by: Dan Carpenter <error27@gmail.com>
Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
| -rw-r--r-- | mm/mempolicy.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 5d6fb339de03..5bc0a96beb51 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c | |||
| @@ -2094,7 +2094,7 @@ void mpol_shared_policy_init(struct shared_policy *sp, struct mempolicy *mpol) | |||
| 2094 | NODEMASK_SCRATCH(scratch); | 2094 | NODEMASK_SCRATCH(scratch); |
| 2095 | 2095 | ||
| 2096 | if (!scratch) | 2096 | if (!scratch) |
| 2097 | return; | 2097 | goto put_mpol; |
| 2098 | /* contextualize the tmpfs mount point mempolicy */ | 2098 | /* contextualize the tmpfs mount point mempolicy */ |
| 2099 | new = mpol_new(mpol->mode, mpol->flags, &mpol->w.user_nodemask); | 2099 | new = mpol_new(mpol->mode, mpol->flags, &mpol->w.user_nodemask); |
| 2100 | if (IS_ERR(new)) | 2100 | if (IS_ERR(new)) |
| @@ -2103,19 +2103,20 @@ void mpol_shared_policy_init(struct shared_policy *sp, struct mempolicy *mpol) | |||
| 2103 | task_lock(current); | 2103 | task_lock(current); |
| 2104 | ret = mpol_set_nodemask(new, &mpol->w.user_nodemask, scratch); | 2104 | ret = mpol_set_nodemask(new, &mpol->w.user_nodemask, scratch); |
| 2105 | task_unlock(current); | 2105 | task_unlock(current); |
| 2106 | mpol_put(mpol); /* drop our ref on sb mpol */ | ||
| 2107 | if (ret) | 2106 | if (ret) |
| 2108 | goto put_free; | 2107 | goto put_new; |
| 2109 | 2108 | ||
| 2110 | /* Create pseudo-vma that contains just the policy */ | 2109 | /* Create pseudo-vma that contains just the policy */ |
| 2111 | memset(&pvma, 0, sizeof(struct vm_area_struct)); | 2110 | memset(&pvma, 0, sizeof(struct vm_area_struct)); |
| 2112 | pvma.vm_end = TASK_SIZE; /* policy covers entire file */ | 2111 | pvma.vm_end = TASK_SIZE; /* policy covers entire file */ |
| 2113 | mpol_set_shared_policy(sp, &pvma, new); /* adds ref */ | 2112 | mpol_set_shared_policy(sp, &pvma, new); /* adds ref */ |
| 2114 | 2113 | ||
| 2115 | put_free: | 2114 | put_new: |
| 2116 | mpol_put(new); /* drop initial ref */ | 2115 | mpol_put(new); /* drop initial ref */ |
| 2117 | free_scratch: | 2116 | free_scratch: |
| 2118 | NODEMASK_SCRATCH_FREE(scratch); | 2117 | NODEMASK_SCRATCH_FREE(scratch); |
| 2118 | put_mpol: | ||
| 2119 | mpol_put(mpol); /* drop our incoming ref on sb mpol */ | ||
| 2119 | } | 2120 | } |
| 2120 | } | 2121 | } |
| 2121 | 2122 | ||