Dmitry Mishin wrote:
> On Monday 11 December 2006 00:58, dlezcano at fr.ibm.com wrote:
>> Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com>
>>
>> ---
>>
>> kernel/nsproxy.c | 2 +-
>> 1 files changed, 1 insertion(+), 1 deletion(-)
>>
>> Index: 2.6.19-rc6-mm2/kernel/nsproxy.c
>> ===================================================================
>> --- 2.6.19-rc6-mm2.orig/kernel/nsproxy.c
>> +++ 2.6.19-rc6-mm2/kernel/nsproxy.c
>> @@ -54,10 +54,10 @@ void exit_task_namespaces(struct task_st
>> {
>> struct nsproxy *ns = p->nsproxy;
>> if (ns) {
>> + put_nsproxy(ns);
>> task_lock(p);
>> p->nsproxy = NULL;
>> task_unlock(p);
>> - put_nsproxy(ns);
>> }
>> }
> This will follow in a race.
Yep.
I did that to have a quick fix for the net_ns cleanup.
The problem raised is the p->nsproxy = NULL followed by put_ns_proxy and
put_net_ns. This one will call free_net_ns followed by ip_fib_cleanup
and that will use current_net_ns (which is current->nsproxy->net_ns)
with nsproxy = NULL
I think, the right fix is to have ip_fib_cleanup called with the net_ns
pointer as parameter and in this case current_net_ns needs to be checked
in all the code to ensure it will not be used by the cleanup.
