Cedric Le Goater wrote:
> Dave Hansen wrote:
>> On Mon, 2006-08-28 at 16:56 +0200, Cedric Le Goater wrote:
>>> + * Clone a new ns copying an original user ns, setting refcount to 1
>>> + * @old_ns: namespace to clone
>>> + * Return NULL on error (failure to kmalloc), new ns otherwise
>>> + */
>>> +static struct user_namespace *clone_user_ns(struct user_namespace
>>> *old_ns)
>>> +{
>>> + struct user_namespace *ns;
>>> +
>>> + ns = kmalloc(sizeof(struct user_namespace), GFP_KERNEL);
>>> + if (ns) {
>>> + int n;
>>> + struct user_struct *new_user;
>>> +
>>> + kref_init(&ns->kref);
>>> +
>>> + for(n = 0; n < UIDHASH_SZ; ++n)
>>> + INIT_LIST_HEAD(ns->uidhash_table + n);
>>> +
>>> + /* Insert new root user. */
>>> + ns->root_user = alloc_uid(ns, 0);
>>> + if (!ns->root_user) {
>>> + kfree(ns);
>>> + return NULL;
>>> + }
>>> +
>>> + /* Reset current->user with a new one */
>>> + new_user = alloc_uid(ns, current->uid);
>>> + if (!new_user) {
>>> + kfree(ns);
>>> + return NULL;
>>> + }
>> Does this leak the ns->root_user?
>
> arg !
>
> thanks,
Sorry, I forgot to include the fix.
C.
Signed-off-by: Cedric Le Goater <clg at fr.ibm.com>
---
kernel/user.c | 1 +
1 file changed, 1 insertion(+)
Index: 2.6.18-rc4-mm3/kernel/user.c
===================================================================
--- 2.6.18-rc4-mm3.orig/kernel/user.c
+++ 2.6.18-rc4-mm3/kernel/user.c
@@ -125,6 +125,7 @@ static struct user_namespace *clone_user
/* Reset current->user with a new one */
new_user = alloc_uid(ns, current->uid);
if (!new_user) {
+ free_uid(ns->root_user);
kfree(ns);
return NULL;
}
