[PATCH] Fix memory leak in copy_thread

Patch from Andi Kleen <ak@muc.de> copy_thread could leak memory if you had a io bitmap and passed wrong arguments to the new clone flags.

[PATCH] Fix memory leak in copy_thread
Patch from Andi Kleen <ak@muc.de> copy_thread could leak memory if you had a io bitmap and passed wrong arguments to the new clone flags.
8a29d3f1 · Andrew Morton · Dave Jones · 1366cac2 · 8a29d3f1
Commit 8a29d3f1 authored Mar 17, 2003 by Andrew Morton Committed by Dave Jones Mar 17, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 4 deletions

arch/i386/kernel/process.c arch/i386/kernel/process.c +12 -4

No files found.
--- a/arch/i386/kernel/process.c
+++ b/arch/i386/kernel/process.c
@@ -290,6 +290,7 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long esp,
 {
 	struct pt_regs * childregs;
 	struct task_struct *tsk;
+	int err;
 	childregs = ((struct pt_regs *) (THREAD_SIZE + (unsigned long) p->thread_info)) - 1;
 	struct_cpy(childregs, regs);
@@ -322,20 +323,27 @@ int copy_thread(int nr, unsigned long clone_flags, unsigned long esp,
 		struct user_desc info;
 		int idx;
+		err = -EFAULT;
 		if (copy_from_user(&info, (void *)childregs->esi, sizeof(info)))
-			return -EFAULT;
+			goto out;
+		err = -EINVAL;
 		if (LDT_empty(&info))
-			return -EINVAL;
+			goto out;
 		idx = info.entry_number;
 		if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
-			return -EINVAL;
+			goto out;
 		desc = p->thread.tls_array + idx - GDT_ENTRY_TLS_MIN;
 		desc->a = LDT_entry_a(&info);
 		desc->b = LDT_entry_b(&info);
 	}
-	return 0;
+	err = 0;
+ out:
+	if (err && p->thread.ts_io_bitmap)
+		kfree(p->thread.ts_io_bitmap);
+	return err;
 }
 /*