List: linux-kernel
Subject: [PATCH]: 2.4/2.6 do_fork() error path memory leak
From: john.l.byrne () hp ! com
Date: 2004-04-08 2:14:08
Message-ID: E1BBP3Q-0007o9-00 () kahuna ! lax ! cpqcorp ! net

In do_fork(), if an error occurs after the mm_struct for the child has
been allocated, it is never freed. The exit_mm() meant to free it
increments the mm_count and this count is never decremented. (For a
running process that is exiting, schedule() takes care of this; however,
the child process being cleaned up is not running.) In the CLONE_VM
case, the parent's mm_struct will get an extra mm_count and so it will
never be freed.

This patch against 2.4.25 should fix both the CLONE_VM and the not
CLONE_VM case; the test of p->active_mm prevents a panic in the case
that a kernel-thread is being cloned.

It looks from the code that the problem exists in 2.6 as well; I can
send a separate patch for that, if necessary.

John Byrne

diff -Nar -U 4 linux-2.4.25/kernel/fork.c linux-2.4.25-new/kernel/fork.c
--- linux-2.4.25/kernel/fork.c 2004-02-18 05:36:32.000000000 -0800
+++ linux-2.4.25-new/kernel/fork.c 2004-04-07 17:43:29.000000000 -0700
@@ -825,8 +825,10 @@
bad_fork_cleanup_namespace:
exit_namespace(p);
bad_fork_cleanup_mm:
exit_mm(p);
+ if (p->active_mm)
+ mmdrop(p->active_mm);
bad_fork_cleanup_sighand:
exit_sighand(p);
bad_fork_cleanup_fs:
exit_fs(p); /* blocking */
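
Review bot: the two lines added after exit_mm(p) under bad_fork_cleanup_mm drop a reference without a comment saying where that reference was taken. A short comment above "if (p->active_mm)" should record that exit_mm() raises mm_count on the assumption that schedule() will drop it, that the child never runs so the drop has to happen here, and that active_mm is NULL when a kernel thread is being cloned. It is also worth confirming that on every path reaching this label p->active_mm is either NULL or the same mm that exit_mm(p) just took its reference on, because an mmdrop() on any other mm would release a count that was never taken and could free an mm_struct that is still in use.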