The patch titled Subject: unshare: fix nsproxy leak on set_cred_ucounts() error path has been added to the -mm mm-nonmm-unstable branch. Its filename is unshare-fix-nsproxy-leak-on-set_cred_ucounts-error-path.patch
This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches...
This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days
------------------------------------------------------
From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Subject: unshare: fix nsproxy leak on set_cred_ucounts() error path
Date: Tue, 18 Nov 2025 14:45:50 +0800
If unshare_nsproxy_namespaces() successfully creates the new_nsproxy, but then set_cred_ucounts() fails, on its error path there is no cleanup for new_nsproxy, so it is leaked. Let's fix that by freeing new_nsproxy if it's not NULL on this error path.
Link: https://lkml.kernel.org/r/20251118064552.936962-1-ptikhomirov@virtuozzo.com
Fixes: 905ae01c4ae2a ("Add a reference to ucounts for each cred")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Acked-by: Alexey Gladkov <legion@kernel.org>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: Ben Segall <bsegall@google.com>
Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Kees Cook <kees@kernel.org>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Valentin Schneider <vschneid@redhat.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
kernel/fork.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
--- a/kernel/fork.c~unshare-fix-nsproxy-leak-on-set_cred_ucounts-error-path +++ a/kernel/fork.c @@ -3133,8 +3133,11 @@ int ksys_unshare(unsigned long unshare_f
if (new_cred) { err = set_cred_ucounts(new_cred); - if (err) + if (err) { + if (new_nsproxy) + free_nsproxy(new_nsproxy); goto bad_unshare_cleanup_cred; + } }
if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) { _
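Review bot: the free_nsproxy() call is open-coded inside the `if (err)` branch after set_cred_ucounts(), while the rest of this error path unwinds through the bad_unshare_cleanup_cred label, so the cleanup for new_nsproxy lives at the failure site rather than in the unwind sequence. Consider a dedicated label placed ahead of bad_unshare_cleanup_cred that does `if (new_nsproxy) free_nsproxy(new_nsproxy);` and jumping to it from here, so that any failure point later added between unshare_nsproxy_namespaces() and the `if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy)` block picks up the same cleanup instead of reintroducing the leak. If the inline form is kept, a one-line comment above the free stating that new_nsproxy has not been installed at this point would make it clear why releasing it here is correct.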
Patches currently in -mm which might be from ptikhomirov@virtuozzo.com are
unshare-fix-nsproxy-leak-on-set_cred_ucounts-error-path.patch