[Devel] Re: namespaces?: bug at mm/slub.c:2750
Serge E. Hallyn
serue at us.ibm.com
Wed Feb 11 09:24:16 PST 2009
Quoting David Howells (dhowells at redhat.com):
> Serge E. Hallyn <serue at us.ibm.com> wrote:
>
> > static void uid_hash_remove(struct user_struct *up)
> > {
> > + put_user_ns(up->user_ns);
> > hlist_del_init(&up->uidhash_node);
> > }
>
> Don't you need to do the hlist_del_init() first? Otherwise, mightn't the
> put_user_ns() cause the namespace to be freed before hlist_del_init() removes
> the user_struct from it?
It's called under uidhash_lock spinlock so should be ok, but in
principle you're right so it's probably a good idea.
The main point is that without this patch, put_user_ns is done before
the hlist_del_init and *not* atomically under uidhash_lock.
thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list