[PATCH] Handle init_new_context failures

From: Anton Blanchard <anton@samba.org> If init_new_context fails we definitely do not want to call mmput, because that will call destroy_context against an uninitialised context. Instead we should back out what we did in init_mm. Fixes some weird failures on ppc64 when running a fork bomb.
author: Andrew Morton <akpm@osdl.org> 2003-09-21 01:42:31 -0700
committer: Linus Torvalds <torvalds@home.osdl.org> 2003-09-21 01:42:31 -0700
commit: 1cfc080ae153e2dccf12b965c6e2da8cc996f18f (patch)
tree: 13e72ed5eda0993f9afa2748d9fc9fdb8fbe9136 /kernel/fork.c
parent: 81a706378eae4b9b97b8f28792c08f1f2397ee47 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/kernel/fork.c b/kernel/fork.c
index 38badc50bebc..f2d3115483da 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -305,7 +305,7 @@ out:
 	return retval;
 fail_nomem:
 	retval = -ENOMEM;
-  fail:
+fail:
 	vm_unacct_memory(charge);
 	goto out;
 }
@@ -499,7 +499,7 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
 		goto fail_nomem;
 
 	if (init_new_context(tsk,mm))
-		goto free_pt;
+		goto fail_nocontext;
 
 	retval = dup_mmap(mm, oldmm);
 	if (retval)
@@ -514,6 +514,15 @@ free_pt:
 	mmput(mm);
 fail_nomem:
 	return retval;
+
+fail_nocontext:
+	/*
+	 * If init_new_context() failed, we cannot use mmput() to free the mm
+	 * because it calls destroy_context()
+	 */
+	mm_free_pgd(mm);
+	free_mm(mm);
+	return retval;
 }
 
 static inline struct fs_struct *__copy_fs_struct(struct fs_struct *old)
author	Andrew Morton <akpm@osdl.org>	2003-09-21 01:42:31 -0700
committer	Linus Torvalds <torvalds@home.osdl.org>	2003-09-21 01:42:31 -0700
commit	1cfc080ae153e2dccf12b965c6e2da8cc996f18f (patch)
tree	13e72ed5eda0993f9afa2748d9fc9fdb8fbe9136 /kernel/fork.c
parent	81a706378eae4b9b97b8f28792c08f1f2397ee47 (diff)