[Devel] [PATCH VZ10] ve/netns: fix ucount leak on dec_netns_avail error path
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Thu Oct 23 10:14:47 MSK 2025
Committed to rh10-6.12.0-55.13.1.2.12.vz10
On 10/15/25 17:42, Pavel Tikhomirov wrote:
> Before we check out netns available count we've already taken ucount for
> this netns, so we have to release this ucount back on error path.
>
> Note: It was broken likely on rebase to vz9, in vz7 it is correct. But
> since we don't have ve cgroup actively used in vz9 we can only apply it
> to vz10.
>
> https://virtuozzo.atlassian.net/browse/VSTOR-97997
> Fixes: 81efae37daf92 ("ve/netns: limit number of network namespaces per container")
> Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
> ---
> net/core/net_namespace.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
> index d0ed9da9995ab..4b2dfff1682a3 100644
> --- a/net/core/net_namespace.c
> +++ b/net/core/net_namespace.c
> @@ -519,13 +519,17 @@ struct net *copy_net_ns(unsigned long flags,
> #ifdef CONFIG_VE
> rv = dec_netns_avail(ve);
> if (rv < 0)
> - return ERR_PTR(rv);
> + goto dec_ucounts;
> #endif
>
> net = net_alloc();
> if (!net) {
> rv = -ENOMEM;
> +#ifdef CONFIG_VE
> + goto inc_avail_nr;
> +#else
> goto dec_ucounts;
> +#endif
> }
>
> preinit_net(net, user_ns);
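
Review bot: The new `goto dec_ucounts;` after a failed `dec_netns_avail(ve)` skips `inc_netns_avail(ve)`, so this path is only balanced if `dec_netns_avail()` leaves the available count untouched when it returns a negative value. That contract is not visible in this hunk; a short comment at the `if (rv < 0)` check stating it would make clear why this error path releases the ucount but does not restore the netns count, while the `net_alloc()` failure just below has to do both.
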
> @@ -547,11 +551,12 @@ struct net *copy_net_ns(unsigned long flags,
> #endif
> put_user_ns(user_ns);
> net_free(net);
> -dec_ucounts:
> - dec_net_namespaces(ucounts);
> #ifdef CONFIG_VE
> +inc_avail_nr:
> inc_netns_avail(ve);
> #endif
> +dec_ucounts:
> + dec_net_namespaces(ucounts);
> return ERR_PTR(rv);
> }
> return net;
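
Review bot: The fix depends entirely on the order of the `inc_avail_nr:` and `dec_ucounts:` labels at the end of the function, and nothing in the code says so. Consider a one-line comment above `inc_avail_nr:` noting that the labels unwind in reverse order of acquisition (netns available count first, then the ucount), since the commit message says this ordering likely broke once already on a rebase. Because `inc_avail_nr:` lives inside `#ifdef CONFIG_VE`, every future `goto` to it also needs the same `#ifdef`/`#else` pairing used in the `net_alloc()` failure branch, which is worth mentioning in that comment.
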
--
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.