If file descriptor allocation for memfd fails, we do not fill the corresponding position in `fds' array with -1. Later when we install memfds, fds[gaps->n_fds + i] will contain garbage which we pass then to fd_install(). Fix it by adding -1 to `fds' in case when we can't get free file descriptor for memfd.
Signed-off-by: Sergei Zviagintsev <ser...@s15v.net> --- ipc/kdbus/message.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ipc/kdbus/message.c b/ipc/kdbus/message.c index f2176796390d..0653a085c104 100644 --- a/ipc/kdbus/message.c +++ b/ipc/kdbus/message.c @@ -181,6 +181,7 @@ int kdbus_gaps_install(struct kdbus_gaps *gaps, struct kdbus_pool_slice *slice, memfd = get_unused_fd_flags(O_CLOEXEC); if (memfd < 0) { incomplete_fds = true; + fds[n_fds++] = -1; /* memfds are initialized to -1, skip copying it */ continue; } -- 1.8.3.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/