posix-cpu-timers: Fix pid refcount leak in do_cpu_nanosleep() error path

In do_cpu_nanosleep(), posix_cpu_timer_create() takes a pid reference via get_pid() and stores it in timer.it.cpu.pid. If the subsequent posix_cpu_timer_set() call fails, the function returns immediately without calling posix_cpu_timer_del() to release the pid reference, causing a leak. Fix it by calling posix_cpu_timer_del() before the unlock-and-return on the error path, consistent with the other exit paths in the same function. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: WenTao Liang <vulab@iscas.ac.cn> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Reviewed-by: Frederic Weisbecker <frederic@kernel.org> Cc: stable@vger.kernel.org Link: https://patch.msgid.link/20260611161738.97043-1-vulab@iscas.ac.cn
author: WenTao Liang <vulab@iscas.ac.cn> 2026-06-12 00:17:38 +0800
committer: Thomas Gleixner <tglx@kernel.org> 2026-06-13 16:16:02 +0200
commit: 87bd2ad568e15b90d5f7d4bcd70342d05dad649c (patch)
tree: cd9933da0244e34ad806031b834a0038bca05856
parent: f24df84cbe05e4471c04ac4b921fc0340bbc7752 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c
index 395e297093f8..74775b94d11b 100644
--- a/kernel/time/posix-cpu-timers.c
+++ b/kernel/time/posix-cpu-timers.c
@@ -1506,6 +1506,7 @@ static int do_cpu_nanosleep(const clockid_t which_clock, int flags,
 		spin_lock_irq(&timer.it_lock);
 		error = posix_cpu_timer_set(&timer, flags, &it, NULL);
 		if (error) {
+			posix_cpu_timer_del(&timer);
 			spin_unlock_irq(&timer.it_lock);
 			return error;
 		}
author	WenTao Liang <vulab@iscas.ac.cn>	2026-06-12 00:17:38 +0800
committer	Thomas Gleixner <tglx@kernel.org>	2026-06-13 16:16:02 +0200
commit	87bd2ad568e15b90d5f7d4bcd70342d05dad649c (patch)
tree	cd9933da0244e34ad806031b834a0038bca05856
parent	f24df84cbe05e4471c04ac4b921fc0340bbc7752 (diff)