Commit 1cfc080a authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] Handle init_new_context failures

From: Anton Blanchard <anton@samba.org>

If init_new_context fails we definitely do not want to call mmput, because
that will call destroy_context against an uninitialised context.  Instead
we should back out what we did in init_mm.  Fixes some weird failures on
ppc64 when running a fork bomb.
parent 81a70637
...@@ -305,7 +305,7 @@ static inline int dup_mmap(struct mm_struct * mm, struct mm_struct * oldmm) ...@@ -305,7 +305,7 @@ static inline int dup_mmap(struct mm_struct * mm, struct mm_struct * oldmm)
return retval; return retval;
fail_nomem: fail_nomem:
retval = -ENOMEM; retval = -ENOMEM;
fail: fail:
vm_unacct_memory(charge); vm_unacct_memory(charge);
goto out; goto out;
} }
...@@ -499,7 +499,7 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk) ...@@ -499,7 +499,7 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
goto fail_nomem; goto fail_nomem;
if (init_new_context(tsk,mm)) if (init_new_context(tsk,mm))
goto free_pt; goto fail_nocontext;
retval = dup_mmap(mm, oldmm); retval = dup_mmap(mm, oldmm);
if (retval) if (retval)
...@@ -514,6 +514,15 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk) ...@@ -514,6 +514,15 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
mmput(mm); mmput(mm);
fail_nomem: fail_nomem:
return retval; return retval;
fail_nocontext:
/*
* If init_new_context() failed, we cannot use mmput() to free the mm
* because it calls destroy_context()
*/
mm_free_pgd(mm);
free_mm(mm);
return retval;
} }
static inline struct fs_struct *__copy_fs_struct(struct fs_struct *old) static inline struct fs_struct *__copy_fs_struct(struct fs_struct *old)
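Review bot: The fail_nocontext path added at the end of copy_mm() (third hunk, after the `return retval;` of fail_nomem) returns whatever `retval` already held, so the error code from init_new_context() itself is discarded; the assignment that sets retval is above the hunk, presumably the -ENOMEM chosen before the mm is allocated. If every architecture's init_new_context() returns a negative errno, the second hunk could propagate it with `retval = init_new_context(tsk, mm);` / `if (retval)` / `goto fail_nocontext;` in place of the bare test; otherwise the new comment should say which value is returned, e.g. `/* retval still holds the error set before the mm was allocated */`. The unwinding itself, mm_free_pgd() then free_mm(), is the visible inverse of the allocation and mm_init() steps that are also outside the hunk, so the comment should also note that this label is only reachable once mm_init() has succeeded and mm->pgd is allocated. copy_mm() begins before the second hunk and the stretch between the second and third hunks is not shown.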