mm/mlock: fix potential imbalanced rlimit ucounts adjustment
authorMiaohe Lin <linmiaohe@huawei.com>
Tue, 22 Mar 2022 21:44:56 +0000 (14:44 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 22 Mar 2022 22:57:07 +0000 (15:57 -0700)
user_shm_lock forgets to set allowed to 0 when get_ucounts fails.  So
the later user_shm_unlock might do the extra dec_rlimit_ucounts.  Fix
this by resetting allowed to 0.

Link: https://lkml.kernel.org/r/20220310132417.41189-1-linmiaohe@huawei.com
Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Cc: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/mlock.c

index 25934e7db3e103e98baa9f9db7083944a1265e2d..349e2cda8c50caf50a176d903cc5e13a10b52032 100644 (file)
@@ -839,6 +839,7 @@ int user_shm_lock(size_t size, struct ucounts *ucounts)
        }
        if (!get_ucounts(ucounts)) {
                dec_rlimit_ucounts(ucounts, UCOUNT_RLIMIT_MEMLOCK, locked);
+               allowed = 0;
                goto out;
        }
        allowed = 1;