[tip: timers/core] posix-cpu-timers: Fix pid refcount leak in do_cpu_nanosleep() error path
From: tip-bot2 for WenTao Liang
Date: Sat Jun 13 2026 - 10:22:25 EST
The following commit has been merged into the timers/core branch of tip:
Commit-ID: 87bd2ad568e15b90d5f7d4bcd70342d05dad649c
Gitweb: https://git.kernel.org/tip/87bd2ad568e15b90d5f7d4bcd70342d05dad649c
Author: WenTao Liang <vulab@xxxxxxxxxxx>
AuthorDate: Fri, 12 Jun 2026 00:17:38 +08:00
Committer: Thomas Gleixner <tglx@xxxxxxxxxx>
CommitterDate: Sat, 13 Jun 2026 16:16:02 +02:00
posix-cpu-timers: Fix pid refcount leak in do_cpu_nanosleep() error path
In do_cpu_nanosleep(), posix_cpu_timer_create() takes a pid reference
via get_pid() and stores it in timer.it.cpu.pid. If the subsequent
posix_cpu_timer_set() call fails, the function returns immediately
without calling posix_cpu_timer_del() to release the pid reference,
causing a leak.
Fix it by calling posix_cpu_timer_del() before the unlock-and-return
on the error path, consistent with the other exit paths in the same
function.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxx>
Reviewed-by: Frederic Weisbecker <frederic@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Link: https://patch.msgid.link/20260611161738.97043-1-vulab@xxxxxxxxxxx
---
kernel/time/posix-cpu-timers.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
index 395e297..74775b9 100644
--- a/kernel/time/posix-cpu-timers.c
+++ b/kernel/time/posix-cpu-timers.c
@@ -1506,6 +1506,7 @@ static int do_cpu_nanosleep(const clockid_t which_clock, int flags,
spin_lock_irq(&timer.it_lock);
error = posix_cpu_timer_set(&timer, flags, &it, NULL);
if (error) {
+ posix_cpu_timer_del(&timer);
spin_unlock_irq(&timer.it_lock);
return error;
}