On 06/24, Eric W. Biederman wrote:
>
> Oleg Nesterov <oleg@xxxxxxxxxx> writes:
>
> > This is mostly cleanup and optimization, but also fixes the bug.
>
> Oleg with respect to your other patches I think they are some of
> the best ones we have on the table.
>
> > proc_flush_task() checks upid->nr == 1 to detect the case when
> > a sub-namespace exits. However, this doesn't work in case when
> > a multithreaded init execs and calls release_task(old_leader),
> > the old leader has the same pid 1.
> >
> > Move pid_ns_release_proc() to zap_pid_ns_processes(), it is called
> > when we know for sure that init is exiting.
>
> This actually guarantees a use after free for the namespace init:

Yes, thanks. I am stupid.

Please ignore the patch.

Oleg.

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers