On Mon, Sep 15, 2025 at 01:07:06PM +0200, Jan Kara wrote:
> On Fri 12-09-25 13:52:34, Christian Brauner wrote:
> > Don't cargo-cult the same thing over and over.
> > 
> > Signed-off-by: Christian Brauner <[email protected]>
> 
> ...
> 
> > @@ -559,7 +572,9 @@ struct net *copy_net_ns(unsigned long flags,
> >             goto dec_ucounts;
> >     }
> >  
> > -   preinit_net(net, user_ns);
> > +   rv = preinit_net(net, user_ns);
> > +   if (rv < 0)
> > +           goto dec_ucounts;
> 
> Umm, this seems to be leaking 'net' on error exit.

Sorry about this:

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 5fb7bd8ac45a..466de530c495 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -572,12 +572,13 @@ struct net *copy_net_ns(unsigned long flags,
                goto dec_ucounts;
        }

-       rv = preinit_net(net, user_ns);
-       if (rv < 0)
-               goto dec_ucounts;
        net->ucounts = ucounts;
        get_user_ns(user_ns);

+       rv = preinit_net(net, user_ns);
+       if (rv < 0)
+               goto put_userns;
+
        rv = down_read_killable(&pernet_ops_rwsem);
        if (rv < 0)
                goto put_userns;
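
Review bot: the new `goto put_userns` taken when `preinit_net()` fails relies on that label undoing exactly what has happened by this point (`net->ucounts` assigned, `get_user_ns(user_ns)` taken), but the label's body is outside the visible context. It is worth confirming that the path also frees 'net' and copes with a net that `preinit_net()` left partially initialised. A one-line comment above the call, saying that `preinit_net()` has to come after `get_user_ns()` so the error path stays balanced, would keep a later reorder from reintroducing the leak.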

Thanks for noticing! Fixed in-tree.
