Hi Alexander, Do you have any comments about this patch? Here is a reproducer for this leak: $ cat mount.sh set -e -x mount --make-rprivate / mount -t tmpfs zdtm /mnt mount --make-shared /mnt mount -t proc procX /proc for i in `seq $1`; do mount --bind /mnt /mnt done mount --make-rprivate /mnt unshare -m sleep 1000 & pid=$! unshare -m nsenter -m -t $pid nsenter -m -t $$ true $ while :; do unshare -Umpfr sh mount.sh 16 || break; done ... $ cat /proc/slabinfo | grep mnt mnt_cache 3281745 3281776 512 16 2 : tunables 0 0 0 : slabdata 205111 205111 0 On Thu, Jun 08, 2017 at 05:32:29PM -0700, Andrei Vagin wrote: > Fixes: 4f757f3cbf54 ("make sure that mntns_install() doesn't end up with referral for root") > Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Signed-off-by: Andrei Vagin <avagin@xxxxxxxxxx> > --- > fs/namespace.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/namespace.c b/fs/namespace.c > index 8bd3e4d..5a44384 100644 > --- a/fs/namespace.c > +++ b/fs/namespace.c > @@ -3488,6 +3488,8 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns) > return err; > } > > + put_mnt_ns(old_mnt_ns); > + > /* Update the pwd and root */ > set_fs_pwd(fs, &root); > set_fs_root(fs, &root); > -- > 2.9.4 >