If file descriptor allocation for memfd fails, we do not fill the
corresponding position in `fds' array with -1. Later when we install
memfds, fds[gaps->n_fds + i] will contain garbage which we pass then
to fd_install(). Fix it by adding -1 to `fds' in case when we can't
get free file descriptor for memfd.
Signed-off-by: Sergei Zviagintsev <ser...@s15v.net>
---
ipc/kdbus/message.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ipc/kdbus/message.c b/ipc/kdbus/message.c
index f2176796390d..0653a085c104 100644
--- a/ipc/kdbus/message.c
+++ b/ipc/kdbus/message.c
@@ -181,6 +181,7 @@ int kdbus_gaps_install(struct kdbus_gaps *gaps, struct
kdbus_pool_slice *slice,
memfd = get_unused_fd_flags(O_CLOEXEC);
if (memfd < 0) {
incomplete_fds = true;
+ fds[n_fds++] = -1;
/* memfds are initialized to -1, skip copying it */
continue;
}
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
