The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.4.9
------>
commit 3dd868ef8c2428e0d9c9e148d9a06f972c2f7ade
Author: Oleg Nesterov <o...@redhat.com>
Date: Tue May 5 16:27:10 2015 +0400

ms/exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting

alloc_pid() does get_pid_ns() beforehand but forgets to put_pid_ns() if it
fails because disable_pid_allocation() was called by the exiting
child_reaper.

We could simply move get_pid_ns() down to successful return, but this fix
tries to be as trivial as possible.

Signed-off-by: Oleg Nesterov <o...@redhat.com>
Reviewed-by: "Eric W. Biederman" <ebied...@xmission.com>
Cc: Aaron Tomlin <atom...@redhat.com>
Cc: Pavel Emelyanov <xe...@parallels.com>
Cc: Serge Hallyn <serge.hal...@ubuntu.com>
Cc: Sterling Alexander <stale...@redhat.com>
Cc: <sta...@vger.kernel.org>
Signed-off-by: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
(cherry picked from commit 24c037ebf5723d4d9ab0996433cee4f96c292a4d)

The memory leak was found by kmemleak:

unreferenced object 0xffff880099efcec0 (size 2192):
  comm "vzctl", pid 11269, jiffies 4294743454 (age 315.703s)
  hex dump (first 32 bytes):
    27 00 00 00 00 00 00 00 ff 7f 00 00 00 00 00 00 '...............
    00 80 fa 6d 00 88 ff ff 00 80 00 00 00 00 00 00 ...m............
  backtrace:
    [<ffffffff815af0de>] kmemleak_alloc+0x4e/0xb0
    [<ffffffff8119d288>] kmem_cache_alloc+0x148/0x220
    [<ffffffff810ec283>] copy_pid_ns+0xa3/0x360
    [<ffffffff8108be93>] create_new_namespaces+0xd3/0x180
    [<ffffffff8108c045>] copy_namespaces+0x75/0x110
    [<ffffffff8105bf1f>] copy_process.part.34+0x90f/0x14e0
    [<ffffffff8105cbfc>] do_fork+0xbc/0x350
    [<ffffffff8105cf46>] SyS_clone+0x16/0x20
    [<ffffffff815da4b9>] stub_clone+0x69/0x90
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffff88006dfa8000 (size 4096):
  comm "vzctl", pid 11269, jiffies 4294743454 (age 315.703s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<ffffffff815af0de>] kmemleak_alloc+0x4e/0xb0
    [<ffffffff8119d4b4>] kmem_cache_alloc_trace+0x154/0x240
    [<ffffffff810ec2a8>] copy_pid_ns+0xc8/0x360
    [<ffffffff8108be93>] create_new_namespaces+0xd3/0x180
    [<ffffffff8108c045>] copy_namespaces+0x75/0x110
    [<ffffffff8105bf1f>] copy_process.part.34+0x90f/0x14e0
    [<ffffffff8105cbfc>] do_fork+0xbc/0x350
    [<ffffffff8105cf46>] SyS_clone+0x16/0x20
    [<ffffffff815da4b9>] stub_clone+0x69/0x90
    [<ffffffffffffffff>] 0xffffffffffffffff

Signed-off-by: Vladimir Davydov <vdavy...@parallels.com>
--- kernel/pid.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/pid.c b/kernel/pid.c index f02eafe..5dd2a7e 100644 --- a/kernel/pid.c +++ b/kernel/pid.c 
@@ -336,6 +336,8 @@ out: out_unlock: spin_unlock_irq(&pidmap_lock); + put_pid_ns(ns); + out_free: while (++i <= ns->level) free_pidmap(pid->numbers + i); _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
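Review bot: The new put_pid_ns(ns) sits between the out_unlock and out_free labels, so it runs only when the error path enters at out_unlock, and any jump that goes straight to out_free skips it. That is correct only if every such jump happens before get_pid_ns() has been called, which these lines do not show, so a one-line comment above the put stating that invariant would keep a later goto out_free from reintroducing the leak. Note also that the cleanup loop still reads ns->level after the put; that relies on the caller holding its own reference to the namespace, which is worth stating in the same comment. The alternative mentioned in the commit message, moving get_pid_ns() down to the successful return, would make the get/put pairing self-evident and remove both concerns.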