[PATCH] fs/namespace: fix reference leak in grab_requested_mnt_ns

Next message: Donglin Peng: "Re: [RFC PATCH v7 5/7] libbpf: Implement BTF type sorting validation for binary search optimization"
Previous message: Peter Schneider: "Re: [PATCH 6.6 000/529] 6.6.117-rc1 review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrei Vagin

Date: Sat Nov 22 2025 - 02:19:58 EST

lookup_mnt_ns() already takes a reference on mnt_ns.
grab_requested_mnt_ns() doesn't need to take an extra reference.

Fixes: 78f0e33cd6c93 ("fs/namespace: correctly handle errors returned by grab_requested_mnt_ns")
Signed-off-by: Andrei Vagin <avagin@xxxxxxxxxx>
---
fs/namespace.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 2bad25709b2c..4272349650b1 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -5746,6 +5746,8 @@ static struct mnt_namespace *grab_requested_mnt_ns(const struct mnt_id_req *kreq

if (kreq->mnt_ns_id) {
mnt_ns = lookup_mnt_ns(kreq->mnt_ns_id);
+ if (!mnt_ns)
+ return ERR_PTR(-ENOENT);
} else if (kreq->mnt_ns_fd) {
struct ns_common *ns;

@@ -5761,13 +5763,12 @@ static struct mnt_namespace *grab_requested_mnt_ns(const struct mnt_id_req *kreq
return ERR_PTR(-EINVAL);

mnt_ns = to_mnt_ns(ns);
+ refcount_inc(&mnt_ns->passive);
} else {
mnt_ns = current->nsproxy->mnt_ns;
+ refcount_inc(&mnt_ns->passive);
}
- if (!mnt_ns)
- return ERR_PTR(-ENOENT);

- refcount_inc(&mnt_ns->passive);
return mnt_ns;
}

--
2.52.0.487.g5c8c507ade-goog