On Wed, Feb 11, 2009 at 6:24 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> Quoting David Howells (dhowells@xxxxxxxxxx):
>> Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
>>
>> > static void uid_hash_remove(struct user_struct *up)
>> > {
>> > + put_user_ns(up->user_ns);
>> > hlist_del_init(&up->uidhash_node);
>> > }
>>
>> Don't you need to do the hlist_del_init() first? Otherwise, mightn't the
>> put_user_ns() cause the namespace to be freed before hlist_del_init() removes
>> the user_struct from it?
>
> It's called under uidhash_lock spinlock so should be ok, but in
> principle you're right so it's probably a good idea.
>
> The main point is that without this patch, put_user_ns is done before
> the hlist_del_init and *not* atomically under uidhash_lock.
Congrats, your (unmodified) patch made it through the first 20 minutes
of testing! :-D
(In comparison, the unpatched kernel would usually crash after ~3 minutes)
I wonder why you couldn't reproduce it, though.
KOSAKI Motohiro: You might want to see if this patch helps too. It is
here: http://lkml.org/lkml/2009/2/11/251
Vegard
--
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
-- E. W. Dijkstra, EWD1036
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
