Commit 0b175a7e authored by Dipankar Sarma's avatar Dipankar Sarma Committed by Linus Torvalds

[PATCH] Fix the fdtable freeing in the case of vmalloced fdset/arrays

Noted by David Miller:

  "The bug is that free_fd_array() takes a "num" argument, but when
   calling it from __free_fdtable() we're instead passing in the size in
   bytes (ie.  "num * sizeof(struct file *)")."

Yes it is a bug. I think I messed it up while merging newer
changes with an older version where I was using size in bytes
to optimize.
Signed-off-by: default avatarDipankar Sarma <dipankar@in.ibm.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent c7e43c78
...@@ -69,13 +69,9 @@ void free_fd_array(struct file **array, int num) ...@@ -69,13 +69,9 @@ void free_fd_array(struct file **array, int num)
static void __free_fdtable(struct fdtable *fdt) static void __free_fdtable(struct fdtable *fdt)
{ {
int fdset_size, fdarray_size; free_fdset(fdt->open_fds, fdt->max_fdset);
free_fdset(fdt->close_on_exec, fdt->max_fdset);
fdset_size = fdt->max_fdset / 8; free_fd_array(fdt->fd, fdt->max_fds);
fdarray_size = fdt->max_fds * sizeof(struct file *);
free_fdset(fdt->open_fds, fdset_size);
free_fdset(fdt->close_on_exec, fdset_size);
free_fd_array(fdt->fd, fdarray_size);
kfree(fdt); kfree(fdt);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment