aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorMiklos Szeredi <miklos@szeredi.hu>2005-07-07 20:57:22 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-07-07 21:23:51 -0400
commit202322e6f7cd12e82b5ff0fa92bbdf517fcf0947 (patch)
tree82c1f7b4b97d5b31654157a8f427a5c8d546504f /fs
parent6f50142e4b092a469920a0008fc23121c3d99f2f (diff)
[PATCH] namespace.c: fix mnt_namespace clearing
This patch clears mnt_namespace on unmount. Not clearing mnt_namespace has two effects: 1) It is possible to attach a new mount to a detached mount, because check_mnt() returns true. This means, that when no other references to the detached mount remain, it still can't be freed. This causes a resource leak, and possibly un-removable modules. 2) If mnt_namespace is dereferenced (only in mark_mounts_for_expiry()) after the namspace has been freed, it can cause an Oops, memory corruption, etc. 1) has been tested before and after the patch, 2) is only speculation. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Acked-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/namespace.c8
1 files changed, 1 insertions, 7 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 208c079e9fdb..a0d0ef1f1a48 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -345,6 +345,7 @@ static void umount_tree(struct vfsmount *mnt)
345 for (p = mnt; p; p = next_mnt(p, mnt)) { 345 for (p = mnt; p; p = next_mnt(p, mnt)) {
346 list_del(&p->mnt_list); 346 list_del(&p->mnt_list);
347 list_add(&p->mnt_list, &kill); 347 list_add(&p->mnt_list, &kill);
348 p->mnt_namespace = NULL;
348 } 349 }
349 350
350 while (!list_empty(&kill)) { 351 while (!list_empty(&kill)) {
@@ -1449,15 +1450,8 @@ void __init mnt_init(unsigned long mempages)
1449 1450
1450void __put_namespace(struct namespace *namespace) 1451void __put_namespace(struct namespace *namespace)
1451{ 1452{
1452 struct vfsmount *mnt;
1453
1454 down_write(&namespace->sem); 1453 down_write(&namespace->sem);
1455 spin_lock(&vfsmount_lock); 1454 spin_lock(&vfsmount_lock);
1456
1457 list_for_each_entry(mnt, &namespace->list, mnt_list) {
1458 mnt->mnt_namespace = NULL;
1459 }
1460
1461 umount_tree(namespace->root); 1455 umount_tree(namespace->root);
1462 spin_unlock(&vfsmount_lock); 1456 spin_unlock(&vfsmount_lock);
1463 up_write(&namespace->sem); 1457 up_write(&namespace->sem);