If unshare_nsproxy_namespaces() successfully creates the new_nsproxy, but then set_cred_ucounts() fails, on its error path there is no cleanup for new_nsproxy, so it is leaked. Let's fix that by freeing new_nsproxy if it's not NULL on this error path.
https://virtuozzo.atlassian.net/browse/VSTOR-118289 Fixes: 905ae01c4ae2a ("Add a reference to ucounts for each cred") Link: https://lore.kernel.org/all/[email protected]/ Signed-off-by: Pavel Tikhomirov <[email protected]> Feature: fix ms/unshare --- kernel/fork.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/fork.c b/kernel/fork.c index 95c0889a4b63b..f215fd4beec86 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -3334,8 +3334,11 @@ int ksys_unshare(unsigned long unshare_flags) if (new_cred) { err = set_cred_ucounts(new_cred); - if (err) + if (err) { + if (new_nsproxy) + free_nsproxy(new_nsproxy); goto bad_unshare_cleanup_cred; + } } if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) { -- 2.51.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
