[Devel] [PATCH RHEL7 COMMIT] Fix a leak in socket(2) when we fail to allocate a file descriptor.

Vasily Averin vvs at virtuozzo.com
Thu Sep 2 20:18:39 MSK 2021


The commit is pushed to "branch-rh7-3.10.0-1160.41.1.vz7.183.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.41.1.vz7.183.1
------>
commit ac48402fff1222d8c1c033f15c6562b7633fad72
Author: Al Viro <viro at zeniv.linux.org.uk>
Date:   Thu Sep 2 20:18:39 2021 +0300

    Fix a leak in socket(2) when we fail to allocate a file descriptor.
    
    Got broken by "make sock_alloc_file() do sock_release() on failures" -
    cleanup after sock_map_fd() failure got pulled all the way into
    sock_alloc_file(), but it used to serve the case when sock_map_fd()
    failed *before* getting to sock_alloc_file() as well, and that got
    lost.  Trivial to fix, fortunately.
    
    Fixes: 8e1611e23579 (make sock_alloc_file() do sock_release() on failures)
    Reported-by: Dmitry Vyukov <dvyukov at google.com>
    Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
    
    We see that lldpad eats all kernel memory on the node with those leaked
    sockets constantly looping on SyS_socket with EMFILE error.
    
    https://jira.sw.ru/browse/PSBM-133610
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/socket.c b/net/socket.c
index e720aa8..bcf98c0 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -403,8 +403,10 @@ static int sock_map_fd(struct socket *sock, int flags)
 {
 	struct file *newfile;
 	int fd = get_unused_fd_flags(flags);
-	if (unlikely(fd < 0))
+	if (unlikely(fd < 0)) {
+		sock_release(sock);
 		return fd;
+	}
 
 	newfile = sock_alloc_file(sock, flags, NULL);
 	if (likely(!IS_ERR(newfile))) {


More information about the Devel mailing list