ipc/namespace.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
If setup_mq_sysctls(ns) fails after mq_init_ns(ns) succeeds, the error
path skipped releasing the internal kernel mqueue mount kept in
ns->mq_mnt. That leaves the vfsmount/superblock referenced until final
namespace teardown, i.e. a resource leak on this rare failure edge.
Unwind it by calling mntput(ns->mq_mnt) before dropping user_ns and
freeing the IPC namespace. This mirrors the normal ordering used in
free_ipc_ns().
Signed-off-by: Vlad Kulikov <vlad_kulikov_c@pm.me>
---
ipc/namespace.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ipc/namespace.c b/ipc/namespace.c
index 59b12fcb40bd..cf62d11a09b9 100644
--- a/ipc/namespace.c
+++ b/ipc/namespace.c
@@ -75,10 +75,10 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
err = -ENOMEM;
if (!setup_mq_sysctls(ns))
- goto fail_put;
+ goto fail_mq_mount;
if (!setup_ipc_sysctls(ns))
- goto fail_mq;
+ goto fail_mq_sysctls;
err = msg_init_ns(ns);
if (err)
@@ -92,9 +92,10 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns,
fail_ipc:
retire_ipc_sysctls(ns);
-fail_mq:
+fail_mq_sysctls:
retire_mq_sysctls(ns);
-
+fail_mq_mount:
+ mntput(ns->mq_mnt);
fail_put:
put_user_ns(ns->user_ns);
ns_common_free(ns);
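Review bot: The new `fail_mq_mount:` label releases the mount with a bare `mntput(ns->mq_mnt)`, but the description calls it an internal kernel mount, and such mounts are normally torn down with `kern_unmount()` (presumably wrapped here by a helper such as `mq_put_mnt(ns)`) rather than with `mntput()` alone. `free_ipc_ns()` is not in the hunk, so the claim that this mirrors it cannot be checked from here; if teardown does go through `mq_put_mnt(ns)`, the error path should read `mq_put_mnt(ns);` so the mount is actually detached instead of only having its count dropped. This matters beyond the leak because the lines that follow free `ns`, and a superblock that outlives it may still hold a pointer back to the namespace (to be confirmed against the mqueue code). The `goto fail_mq_mount` in the first hunk depends on the same label, and the body of create_ipc_ns() starts and ends outside both hunks.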
--
2.32.0
On Tue 21-10-25 21:13:39, Vlad Kulikov wrote: > If setup_mq_sysctls(ns) fails after mq_init_ns(ns) succeeds, the error > path skipped releasing the internal kernel mqueue mount kept in > ns->mq_mnt. That leaves the vfsmount/superblock referenced until final > namespace teardown, i.e. a resource leak on this rare failure edge. > > Unwind it by calling mntput(ns->mq_mnt) before dropping user_ns and > freeing the IPC namespace. This mirrors the normal ordering used in > free_ipc_ns(). > > Signed-off-by: Vlad Kulikov <vlad_kulikov_c@pm.me> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > ipc/namespace.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/ipc/namespace.c b/ipc/namespace.c > index 59b12fcb40bd..cf62d11a09b9 100644 > --- a/ipc/namespace.c > +++ b/ipc/namespace.c > @@ -75,10 +75,10 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > > err = -ENOMEM; > if (!setup_mq_sysctls(ns)) > - goto fail_put; > + goto fail_mq_mount; > > if (!setup_ipc_sysctls(ns)) > - goto fail_mq; > + goto fail_mq_sysctls; > > err = msg_init_ns(ns); > if (err) > @@ -92,9 +92,10 @@ static struct ipc_namespace *create_ipc_ns(struct user_namespace *user_ns, > > fail_ipc: > retire_ipc_sysctls(ns); > -fail_mq: > +fail_mq_sysctls: > retire_mq_sysctls(ns); > - > +fail_mq_mount: > + mntput(ns->mq_mnt); > fail_put: > put_user_ns(ns->user_ns); > ns_common_free(ns); > -- > 2.32.0 > -- Jan Kara <jack@suse.com> SUSE Labs, CR