Bug 175143

Summary: sys_io_setup() can leak an mm reference on failure
Product: Red Hat Enterprise Linux 3 Reporter: Zach Brown <zach.brown>
Component: kernelAssignee: Jeff Moyer <jmoyer>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: greg.marsden, petrides, spike_white, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2006-0437 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-07-20 13:37:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 181405    
Attachments:
Description Flags
drop mm ref in ioctx_alloc() exit path; against 2.4.21-32 none

Description Zach Brown 2005-12-06 22:20:34 UTC 
sys_io_setup() can leak an mm_context reference in a failure path.  This was
found when trying to figure out why shared mem segment attachments weren't being
torn down after all the tasks that attached them had exited.  A patch that drops
the reference is attached and similar code is found in the equivalent 2.6
failure path.
Comment 1 Zach Brown 2005-12-06 22:20:35 UTC 
Created attachment 121948 [details]
drop mm ref in ioctx_alloc() exit path; against 2.4.21-32
Comment 2 Jeff Moyer 2005-12-06 23:55:52 UTC 
Good catch.  Would I be correct to assume that you are going to post the
upstream version of this patch (for 2.6)?

I'll try to cook up a reproducer for this.

Thanks,
Jeff
Comment 3 Zach Brown 2005-12-07 15:25:59 UTC 
> Would I be correct to assume that you are going to post the
> upstream version of this patch (for 2.6)?

You would have been correct to assume that, yeah, but 2.6 already has the fix :)
Comment 5 Ernie Petrides 2005-12-09 01:19:39 UTC 
*** Bug 172809 has been marked as a duplicate of this bug. ***
Comment 7 Jeff Moyer 2005-12-12 17:48:22 UTC 
The patch has been posted for internal review.
Comment 15 Ernie Petrides 2006-02-16 00:49:20 UTC 
A fix for this problem has just been committed to the RHEL3 U8
patch pool this evening (in kernel version 2.4.21-40.1.EL).
Comment 20 Red Hat Bugzilla 2006-07-20 13:37:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0437.html