From e2e103083eb3af79fd5976763251d116366f7ef0 Mon Sep 17 00:00:00 2001
From: Kirill Korotaev <dev@openvz.org>
Date: Fri, 13 Oct 2006 17:58:30 +0200
Subject: fix fdset leakage

When found, it is obvious.  nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.

Found due to OpenVZ resource management (User Beancounters).

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
 fs/file.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'fs/file.c')

diff --git a/fs/file.c b/fs/file.c
index cea7cbea11d0..44ab07a080ec 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -283,11 +283,13 @@ static struct fdtable *alloc_fdtable(int nr)
 	} while (nfds <= nr);
 	new_fds = alloc_fd_array(nfds);
 	if (!new_fds)
-		goto out;
+		goto out2;
 	fdt->fd = new_fds;
 	fdt->max_fds = nfds;
 	fdt->free_files = NULL;
 	return fdt;
+out2:
+	nfds = fdt->max_fdset;
 out:
   	if (new_openset)
   		free_fdset(new_openset, nfds);
-- 
cgit v1.2.3