[PATCH] fix freeing user_struct in user cache

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Hillf Danton

Subject: [PATCH] fix freeing user_struct in user cache

Date: Thursday, December 23, 2010 - 5:52 am

When racing on adding into user cache, the new allocated from mm slab
is freed without putting user namespace.

Since the user namespace is already operated by getting, putting has
to be issued.

btw, it could be freed out of lock?

Signed-off-by: Hillf Danton <dhillf@gmail.com>
---

--- a/kernel/user.c	2010-11-01 19:54:12.000000000 +0800
+++ b/kernel/user.c	2010-12-23 20:42:00.000000000 +0800
@@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct use
 		spin_lock_irq(&uidhash_lock);
 		up = uid_hash_find(uid, hashent);
 		if (up) {
+			put_user_ns(ns);
 			key_put(new->uid_keyring);
 			key_put(new->session_keyring);
 			kmem_cache_free(uid_cachep, new);
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] fix freeing user_struct in user cache, Hillf Danton, (Thu Dec 23, 5:52 am)

Re: [PATCH] fix freeing user_struct in user cache, Greg KH, (Thu Dec 23, 8:55 pm)

Re: [PATCH] fix freeing user_struct in user cache, Hillf Danton, (Fri Dec 24, 7:24 am)

Re: [PATCH] fix freeing user_struct in user cache, Greg KH, (Fri Dec 24, 10:14 am)

Re: [PATCH] fix freeing user_struct in user cache, Serge E. Hallyn, (Fri Dec 24, 4:56 pm)

Re: [PATCH] fix freeing user_struct in user cache, Hillf Danton, (Sat Dec 25, 6:56 am)

[PATCH] fix freeing user_struct in user cache, Hillf Danton, (Wed Dec 29, 6:55 am)

Re: [PATCH] fix freeing user_struct in user cache, Serge E. Hallyn, (Fri Dec 31, 7:25 am)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
Linus Torvalds	Linux 2.6.34-rc4
Mingming Cao	Re: [RFC 1/4] Large Blocksize support for Ext2/3/4
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Adeodato	Bazaar's patience diff as GIT_EXTERNAL_DIFF
Denis Bueno	Git clone error
Johannes Schindelin	Re: [PATCH 2/4] Add functions get_relative_cwd() and is_inside_dir()
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Sam Fourman Jr.	Re: Help with Altell PC6700
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
linux-netdev:
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h