mqueue: fix mq_open() file descriptor leak on user-space processes

commit 4294a8eedb17bbc45e1e7447c2a4d05332943248 upstream.

We leak fd on lookup_one_len() failure

Signed-off-by: André Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index ee9d69707c0afafc9d5a6d0d9b46146e4fafe3e4..d01bc14a9b3713f6f62ed6c2599a1ca95b0cf0e2 100644 (file)
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -706,7 +706,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, mode_t, mode,
        dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name));
        if (IS_ERR(dentry)) {
                error = PTR_ERR(dentry);
-               goto out_err;
+               goto out_putfd;
        }
        mntget(ipc_ns->mq_mnt);
 
@@ -744,7 +744,6 @@ out:
        mntput(ipc_ns->mq_mnt);
 out_putfd:
        put_unused_fd(fd);
-out_err:
        fd = error;
 out_upsem:
        mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex);