From: Dipankar Sarma Date: Wed, 14 Sep 2005 19:18:42 +0000 (+0530) Subject: [PATCH] Fix the fdtable freeing in the case of vmalloced fdset/arrays X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0b175a7e68c2f51555820efb0a01681e3419c1bc;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [PATCH] Fix the fdtable freeing in the case of vmalloced fdset/arrays Noted by David Miller: "The bug is that free_fd_array() takes a "num" argument, but when calling it from __free_fdtable() we're instead passing in the size in bytes (ie. "num * sizeof(struct file *)")." Yes it is a bug. I think I messed it up while merging newer changes with an older version where I was using size in bytes to optimize. Signed-off-by: Dipankar Sarma Signed-off-by: Linus Torvalds --- diff --git a/fs/file.c b/fs/file.c index 2127a7b9dc3a..fd066b261c75 100644 --- a/fs/file.c +++ b/fs/file.c @@ -69,13 +69,9 @@ void free_fd_array(struct file **array, int num) static void __free_fdtable(struct fdtable *fdt) { - int fdset_size, fdarray_size; - - fdset_size = fdt->max_fdset / 8; - fdarray_size = fdt->max_fds * sizeof(struct file *); - free_fdset(fdt->open_fds, fdset_size); - free_fdset(fdt->close_on_exec, fdset_size); - free_fd_array(fdt->fd, fdarray_size); + free_fdset(fdt->open_fds, fdt->max_fdset); + free_fdset(fdt->close_on_exec, fdt->max_fdset); + free_fd_array(fdt->fd, fdt->max_fds); kfree(fdt); }
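Review bot: the two free_fdset() calls in __free_fdtable() also change units, from fdt->max_fdset / 8 to fdt->max_fdset, but the commit message only explains the free_fd_array() argument. The free_fdset() signature is not visible in this hunk, so please confirm that it expects the set size as a count rather than in bytes, and say so in the message. Since the same bytes-versus-count mix-up affected both helpers, a short comment above free_fd_array(struct file **array, int num) and above free_fdset() stating the unit of the second argument would keep future callers from passing a byte size again.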