[PATCH] vfs: clear remainder of 'full_fds_bits' in dup_fd()

[Eric Biggers]

This fixes a bug from commit f3f86e33dc3d ("vfs: Fix pathological
performance case for __alloc_fd()").

Signed-off-by: Eric Biggers <ebiggers3@xxxxxxxxx>
---
 fs/file.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/fs/file.c b/fs/file.c
index 6f6eb2b..36e5103 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -276,7 +276,7 @@ struct files_struct *dup_fd(struct files_struct *oldf, int *errorp)
 {
 	struct files_struct *newf;
 	struct file **old_fds, **new_fds;
-	int open_files, size, i;
+	int open_files, i;
 	struct fdtable *old_fdt, *new_fdt;
 
 	*errorp = -ENOMEM;
@@ -357,18 +357,16 @@ struct files_struct *dup_fd(struct files_struct *oldf, int *errorp)
 	}
 	spin_unlock(&oldf->file_lock);
 
-	/* compute the remainder to be cleared */
-	size = (new_fdt->max_fds - open_files) * sizeof(struct file *);
-
-	/* This is long word aligned thus could use a optimized version */
-	memset(new_fds, 0, size);
-
+	/* clear the remainder if needed */
 	if (new_fdt->max_fds > open_files) {
-		int left = (new_fdt->max_fds - open_files) / 8;
+		int left = new_fdt->max_fds - open_files;
 		int start = open_files / BITS_PER_LONG;
 
-		memset(&new_fdt->open_fds[start], 0, left);
-		memset(&new_fdt->close_on_exec[start], 0, left);
+		memset(new_fds, 0, left * sizeof(struct file *));
+		memset(&new_fdt->open_fds[start], 0, left / 8);
+		memset(&new_fdt->close_on_exec[start], 0, left / 8);
+		memset(&new_fdt->full_fds_bits[BITBIT_NR(open_files)], 0,
+		       BITBIT_SIZE(new_fdt->max_fds) - BITBIT_SIZE(open_files));
 	}
 
 	rcu_assign_pointer(newf->fdt, new_fdt);
-- 
2.6.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/