On Wed, Feb 11, 2009 at 6:24 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
> Quoting David Howells (dhowells@xxxxxxxxxx):
>> Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
>>
>> > static void uid_hash_remove(struct user_struct *up)
>> > {
>> > + put_user_ns(up->user_ns);
>> > hlist_del_init(&up->uidhash_node);
>> > }
>>
>> Don't you need to do the hlist_del_init() first? Otherwise, mightn't the
>> put_user_ns() cause the namespace to be freed before hlist_del_init() removes
>> the user_struct from it?
>
> It's called under uidhash_lock spinlock so should be ok, but in
> principle you're right so it's probably a good idea.
>
> The main point is that without this patch, put_user_ns is done before
> the hlist_del_init and *not* atomically under uidhash_lock.

Congrats, your (unmodified) patch made it through the first 20 minutes
of testing! :-D

(In comparison, the unpatched kernel would usually crash after ~3 minutes)

I wonder why you couldn't reproduce it, though.

KOSAKI Motohiro: You might want to see if this patch helps too. It is here:

http://lkml.org/lkml/2009/2/11/251

Vegard

--
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
-- E. W. Dijkstra, EWD1036
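
Review bot: in uid_hash_remove() the added put_user_ns(up->user_ns) runs before hlist_del_init(&up->uidhash_node), so the namespace reference is dropped while the user_struct is still linked into the hash. Swap the two statements so the node is unlinked first and the put is the last thing the function does; that keeps the teardown order correct even if a caller ever reaches this path without relying on uidhash_lock to cover both steps. A one-line comment stating that the function must be called with uidhash_lock held would also document the assumption the ordering currently depends on.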