Commit 23868940 authored by Andrew Morton, committed by Linus Torvalds

[PATCH] do_fork() error path memory leak

From: <john.l.byrne@hp.com>

In do_fork(), if an error occurs after the mm_struct for the child has been
allocated, it is never freed.  The exit_mm() meant to free it increments
the mm_count and this count is never decremented.  (For a running process
that is exiting, schedule() takes care of this; however, the child process
being cleaned up is not running.) In the CLONE_VM case, the parent's
mm_struct will get an extra mm_count and so it will never be freed.

This patch should fix both the CLONE_VM and the not CLONE_VM case; the test
of p->active_mm prevents a panic in the case that a kernel-thread is being
cloned.
parent 94ce3185
...@@ -1086,6 +1086,8 @@ struct task_struct *copy_process(unsigned long clone_flags, ...@@ -1086,6 +1086,8 @@ struct task_struct *copy_process(unsigned long clone_flags,
exit_namespace(p); exit_namespace(p);
bad_fork_cleanup_mm: bad_fork_cleanup_mm:
exit_mm(p); exit_mm(p);
if (p->active_mm)
mmdrop(p->active_mm);
bad_fork_cleanup_signal: bad_fork_cleanup_signal:
exit_signal(p); exit_signal(p);
bad_fork_cleanup_sighand: bad_fork_cleanup_sighand:
......
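Review bot: the new `if (p->active_mm) mmdrop(p->active_mm);` directly after `exit_mm(p)` under `bad_fork_cleanup_mm` carries no comment, and on its face it reads like a second release of the same mm. The commit message explains that exit_mm() takes an mm_count reference which nothing drops for a child that never ran, and that the NULL test is there for cloned kernel threads; a short comment at the label saying both would keep a later cleanup from removing the drop or the check. The drop also depends on `p->active_mm` still being valid after `exit_mm(p)` returns, which is worth stating in that comment since the two lines must stay in this order.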