# http://linux.bkbits.net:8080/linux-2.4/gnupatch@407bf20eDeeejm8t36_tpvSE-8EFHA
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427
# http://www.ultramonkey.org/bugs/cve/CAN-2004-0427.shtml

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/04/13 10:58:38-03:00 john.l.byrne@hp.com 
#   [PATCH] do_fork() error path memory leak
#   
#   In do_fork(), if an error occurs after the mm_struct for the child has
#   been allocated, it is never freed. The exit_mm() meant to free it
#   increments the mm_count and this count is never decremented. (For a
#   running process that is exiting, schedule() takes care of this; however,
#   the child process being cleaned up is not running.) In the CLONE_VM
#   case, the parent's mm_struct will get an extra mm_count and so it will
#   never be freed.
#   
#   This patch against 2.4.25 should fix both the CLONE_VM and the not
#   CLONE_VM case; the test of p->active_mm prevents a panic in the case
#   that a kernel-thread is being cloned.
# 
# kernel/fork.c
#   2004/04/07 21:43:29-03:00 john.l.byrne@hp.com +2 -0
#   do_fork() error path memory leak
# 
diff -Nru a/kernel/fork.c b/kernel/fork.c
--- a/kernel/fork.c	2004-06-14 04:49:07 -07:00
+++ b/kernel/fork.c	2004-06-14 04:49:07 -07:00
@@ -826,6 +826,8 @@
 	exit_namespace(p);
 bad_fork_cleanup_mm:
 	exit_mm(p);
+	if (p->active_mm)
+		mmdrop(p->active_mm);
 bad_fork_cleanup_sighand:
 	exit_sighand(p);
 bad_fork_cleanup_fs:
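Review bot: The two lines added after `exit_mm(p)` at `bad_fork_cleanup_mm` have no comment, and nothing at the call site explains why an `mmdrop()` is needed straight after `exit_mm()`. Per the changeset description, exit_mm() takes an mm_count reference that schedule() normally drops for a running task, and the half-built child never runs. I would add `/* exit_mm() took an mm_count ref that only schedule() drops; p never ran, so drop it here. The NULL test guards the kernel-thread clone case. */` above the `if`. Each failed fork on this path otherwise pins an mm_struct, which is the leak the header links to as CAN-2004-0427, so the comment also protects against a later cleanup removing the call as redundant. The label chain begins and ends outside the hunk, so I cannot confirm from here that `p->active_mm` is not read again after the drop.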
