[PATCH]: 2.4/2.6 do_fork() error path memory leak

From: john . l . byrne
Date: Wed Apr 07 2004 - 21:15:51 EST

Next message: Zwane Mwaikambo: "[PATCH][2.6] Oprofile, ARM/XScale PMU driver"
Previous message: Andrew Morton: "Re: RFC: COW for hugepages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In do_fork(), if an error occurs after the mm_struct for the child has
been allocated, it is never freed. The exit_mm() meant to free it
increments the mm_count and this count is never decremented. (For a
running process that is exitting, schedule() takes care this; however,
the child process being cleaned up is not running.) In the CLONE_VM
case, the parent's mm_struct will get an extra mm_count and so it will
never be freed.

This patch against 2.4.25 should fix both the CLONE_VM and the not
CLONE_VM case; the test of p->active_mm prevents a panic in the case
that a kernel-thread is being cloned.

It looks from the code that the problem exists in 2.6 as well; I can
send a separate patch for that, if necessary.

John Byrne

diff -Nar -U 4 linux-2.4.25/kernel/fork.c linux-2.4.25-new/kernel/fork.c
--- linux-2.4.25/kernel/fork.c 2004-02-18 05:36:32.000000000 -0800
+++ linux-2.4.25-new/kernel/fork.c 2004-04-07 17:43:29.000000000 -0700
@@ -825,8 +825,10 @@
bad_fork_cleanup_namespace:
exit_namespace(p);
bad_fork_cleanup_mm:
exit_mm(p);
+ if (p->active_mm)
+ mmdrop(p->active_mm);
bad_fork_cleanup_sighand:
exit_sighand(p);
bad_fork_cleanup_fs:
exit_fs(p); /* blocking */

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Zwane Mwaikambo: "[PATCH][2.6] Oprofile, ARM/XScale PMU driver"
Previous message: Andrew Morton: "Re: RFC: COW for hugepages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]