IB/uverbs: Don't leak ref to mm on error path

In ib_umem_release_on_close(), if the kmalloc() fails, then a
reference to current->mm will be leaked.  Fix this by adding a mmput()
instead of just returning on kmalloc() failure.

Signed-off-by: Roland Dreier <rolandd@cisco.com>

drivers/infiniband/core/uverbs_mem.c

@@ -211,8 +211,10 @@ void ib_umem_release_on_close(struct ib_device *dev, struct ib_umem *umem)
 	 */
 
 	work = kmalloc(sizeof *work, GFP_KERNEL);
-	if (!work)
+	if (!work) {
+		mmput(mm);
 		return;
+	}
 
 	INIT_WORK(&work->work, ib_umem_account, work);
 	work->mm   = mm;