On Monday 11 December 2006 18:46, Daniel Lezcano wrote: > Dmitry Mishin wrote: > > On Monday 11 December 2006 00:58, dlezcano at fr.ibm.com wrote: > >> Signed-off-by: Daniel Lezcano <dlezcano at fr.ibm.com> > >> > >> --- > >> > >> kernel/nsproxy.c | 2 +- > >> 1 files changed, 1 insertion(+), 1 deletion(-) > >> > >> Index: 2.6.19-rc6-mm2/kernel/nsproxy.c > >> =================================================================== > >> --- 2.6.19-rc6-mm2.orig/kernel/nsproxy.c > >> +++ 2.6.19-rc6-mm2/kernel/nsproxy.c > >> @@ -54,10 +54,10 @@ void exit_task_namespaces(struct task_st > >> { > >> struct nsproxy *ns = p->nsproxy; > >> if (ns) { > >> + put_nsproxy(ns); > >> task_lock(p); > >> p->nsproxy = NULL; > >> task_unlock(p); > >> - put_nsproxy(ns); > >> } > >> } > > This will follow in a race. > > Yep. > > I did that to have a quick fix for the net_ns cleanup. > The problem raised is the p->nsproxy = NULL followed by put_ns_proxy and > put_net_ns. This one will call free_net_ns followed by ip_fib_cleanup > and that will use current_net_ns (which is current->nsproxy->net_ns) > with nsproxy = NULL > > I think, the right fix is to have ip_fib_cleanup called with the net_ns > pointer as parameter and in this case current_net_ns needs to be checked > in all the code to ensure it will not be used by the cleanup. Yes, it is. Shame on me, I've missed it when porting. Will be fixed in next version. -- Thanks, Dmitry.