fix fdset leakage

When found, it is obvious.  nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.

Found due to OpenVZ resource management (User Beancounters).

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>

diff --git a/fs/file.c b/fs/file.c
index cea7cbea11d0d5fca944ab11a331568fe0949fb7..44ab07a080ec0791b1f334370092f772fc106018 100644 (file)
--- a/fs/file.c
+++ b/fs/file.c
@@ -283,11 +283,13 @@ static struct fdtable *alloc_fdtable(int nr)
        } while (nfds <= nr);
        new_fds = alloc_fd_array(nfds);
        if (!new_fds)
-               goto out;
+               goto out2;
        fdt->fd = new_fds;
        fdt->max_fds = nfds;
        fdt->free_files = NULL;
        return fdt;
+out2:
+       nfds = fdt->max_fdset;
 out:
        if (new_openset)
                free_fdset(new_openset, nfds);