coredump: fix memleak in dump_vma_snapshot()
author QiuXi <qiuxi1@huawei.com>
Wed, 8 Sep 2021 03:00:32 +0000 (20:00 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 26 Sep 2021 12:08:56 +0000 (14:08 +0200)
commit 6fcac87e1f9e5b27805a2a404f4849194bb51de8 upstream.

dump_vma_snapshot() allocs memory for *vma_meta, when dump_vma_snapshot()
returns -EFAULT, the memory will be leaked, so we free it correctly.

Link: https://lkml.kernel.org/r/20210810020441.62806-1-qiuxi1@huawei.com
Fixes: a07279c9a8cd7 ("binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot")
Signed-off-by: QiuXi <qiuxi1@huawei.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jann Horn <jannh@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/coredump.c

index c6acfc694f658201c2f165cba2c074ad4658fae8..c56a3bdce7cd4552168f6d9ac52b2cdb39221ed3 100644 (file)
@@ -1111,8 +1111,10 @@ int dump_vma_snapshot(struct coredump_params *cprm, int *vma_count,
 
        mmap_write_unlock(mm);
 
-       if (WARN_ON(i != *vma_count))
+       if (WARN_ON(i != *vma_count)) {
+               kvfree(*vma_meta);
                return -EFAULT;
+       }
 
        *vma_data_size_ptr = vma_data_size;
        return 0;
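
Review bot: In the new WARN_ON(i != *vma_count) branch, kvfree(*vma_meta) frees the buffer but leaves the out-parameter *vma_meta pointing at the freed memory when -EFAULT is returned. The callers are not visible in this hunk, so any caller with a common cleanup path that also calls kvfree() on its vma_meta would double free, and one that reads it after the error would use freed memory. Consider adding `*vma_meta = NULL;` right after the kvfree() so the error return leaves the pointer in a safe state (kvfree(NULL) is a no-op), or document in the function comment that *vma_meta is invalid on a non-zero return. The same applies to *vma_count, which still holds the pre-snapshot count on this path.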