The patch titled pidns: fix a leak in /proc dentries and inodes with pid namespaces. has been added to the -mm tree. Its filename is pidns-fix-a-leak-in-proc-dentries-and-inodes-with-pid-namespaces.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: pidns: fix a leak in /proc dentries and inodes with pid namespaces. From: Sukadev Bhattiprolu <sukadev@xxxxxxxxxxxxxxxxxx> Daniel Lezcano reported a leak in 'struct pid' and 'struct pid_namespace' that is discussed in: http://lkml.org/lkml/2009/10/2/159. To summarize the thread, when container-init is terminated, it sets the PF_EXITING flag, zaps other processes in the container and waits to reap them. As a part of reaping, the container-init should flush any /proc dentries associated with the processes. But because the container-init is itself exiting and the following PF_EXITING check, the dentries are not flushed, resulting in leak in /proc inodes and dentries. This fix reverts the commit 7766755a2f249e7e0 ("Fix /proc dcache deadlock in do_exit") which introduced the check for PF_EXITING. At the time of the commit, shrink_dcache_parent() flushed dentries from other filesystems also and could have caused a deadlock which the commit fixed. But as pointed out by Eric Biederman, after commit 0feae5c47aabdde59, shrink_dcache_parent() no longer affects other filesystems. So reverting the commit is now safe. As pointed out by Jan Kara, the leak is not as critical since the unclaimed space will be reclaimed under memory pressure or by: echo 3 > /proc/sys/vm/drop_caches But since this check is no longer required, its best to remove it. Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx> Reported-by: Daniel Lezcano <dlezcano@xxxxxxxxxx> Acked-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx> Acked-by: Jan Kara <jack@xxxxxx> Cc: Andrea Arcangeli <andrea@xxxxxxxxxxxx> Cc: Serge Hallyn <serue@xxxxxxxxxx> Cc: <stable@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- diff -puN fs/proc/base.c~pidns-fix-a-leak-in-proc-dentries-and-inodes-with-pid-namespaces fs/proc/base.c --- a/fs/proc/base.c~pidns-fix-a-leak-in-proc-dentries-and-inodes-with-pid-namespaces +++ a/fs/proc/base.c @@ -2597,8 +2597,7 @@ static void proc_flush_task_mnt(struct v name.len = snprintf(buf, sizeof(buf), "%d", pid); dentry = d_hash_and_lookup(mnt->mnt_root, &name); if (dentry) { - if (!(current->flags & PF_EXITING)) - shrink_dcache_parent(dentry); + shrink_dcache_parent(dentry); d_drop(dentry); dput(dentry); } _ Patches currently in -mm which might be from sukadev@xxxxxxxxxxxxxxxxxx are pidns-fix-a-leak-in-proc-dentries-and-inodes-with-pid-namespaces.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html