Before we check the available netns count we have already taken a ucount for this netns, so we have to release that ucount on the error path.
Note: It was broken likely on rebase to vz9, in vz7 it is correct. But since we don't have ve cgroup actively used in vz9 we can only apply it to vz10. https://virtuozzo.atlassian.net/browse/VSTOR-97997
Fixes: 81efae37daf92 ("ve/netns: limit number of network namespaces per container")
Signed-off-by: Pavel Tikhomirov <[email protected]>
---
 net/core/net_namespace.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index d0ed9da9995ab..4b2dfff1682a3 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -519,13 +519,17 @@ struct net *copy_net_ns(unsigned long flags,
 #ifdef CONFIG_VE
 rv = dec_netns_avail(ve);
 if (rv < 0)
- return ERR_PTR(rv);
+ goto dec_ucounts;
 #endif
 net = net_alloc();
 if (!net) {
 rv = -ENOMEM;
+#ifdef CONFIG_VE
+ goto inc_avail_nr;
+#else
 goto dec_ucounts;
+#endif
 }
 preinit_net(net, user_ns);
@@ -547,11 +551,12 @@ struct net *copy_net_ns(unsigned long flags,
 #endif
 put_user_ns(user_ns);
 net_free(net);
-dec_ucounts:
- dec_net_namespaces(ucounts);
 #ifdef CONFIG_VE
+inc_avail_nr:
 inc_netns_avail(ve);
 #endif
+dec_ucounts:
+ dec_net_namespaces(ucounts);
 return ERR_PTR(rv);
 }
 return net;
--
2.51.0
_______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
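Review bot: The two error exits in the first hunk now jump to different labels, and nothing at the jump sites says why: a failed dec_netns_avail() goes to `dec_ucounts` because only the ucount is held, while a failed net_alloc() must also give the avail slot back. A short comment such as `/* only the ucount is held here, no avail slot to give back */` above `goto dec_ucounts;` would keep a later edit from picking the wrong target and leaking one of the per-container limits. This assumes dec_netns_avail() leaves its counter untouched when it returns an error; its body is not visible in the patch, so that is worth confirming. copy_net_ns starts before this hunk and continues past it.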
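Review bot: In the second hunk the `inc_avail_nr:` label exists only inside `#ifdef CONFIG_VE`, so any future `goto inc_avail_nr;` written outside such a guard breaks the build without CONFIG_VE, and the cleanup now depends on fall-through from `inc_avail_nr` into `dec_ucounts`. I would add a comment above the labels, for example `/* unwind in reverse order of acquisition: netns avail slot, then ucount */`, so the ordering is not rearranged again on a rebase, which the commit message suggests is how the earlier breakage happened. The enclosing `if (rv < 0)` block begins outside this hunk.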
