diff options
author | Miklos Szeredi <miklos@szeredi.hu> | 2005-07-07 20:57:22 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-07-07 21:23:51 -0400 |
commit | 202322e6f7cd12e82b5ff0fa92bbdf517fcf0947 (patch) | |
tree | 82c1f7b4b97d5b31654157a8f427a5c8d546504f /fs | |
parent | 6f50142e4b092a469920a0008fc23121c3d99f2f (diff) |
[PATCH] namespace.c: fix mnt_namespace clearing
This patch clears mnt_namespace on unmount.
Not clearing mnt_namespace has two effects:
1) It is possible to attach a new mount to a detached mount,
because check_mnt() returns true.
This means, that when no other references to the detached mount
remain, it still can't be freed. This causes a resource leak,
and possibly un-removable modules.
2) If mnt_namespace is dereferenced (only in mark_mounts_for_expiry())
after the namspace has been freed, it can cause an Oops, memory
corruption, etc.
1) has been tested before and after the patch, 2) is only speculation.
Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/namespace.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 208c079e9fdb..a0d0ef1f1a48 100644 --- a/fs/namespace.c +++ b/fs/namespace.c | |||
@@ -345,6 +345,7 @@ static void umount_tree(struct vfsmount *mnt) | |||
345 | for (p = mnt; p; p = next_mnt(p, mnt)) { | 345 | for (p = mnt; p; p = next_mnt(p, mnt)) { |
346 | list_del(&p->mnt_list); | 346 | list_del(&p->mnt_list); |
347 | list_add(&p->mnt_list, &kill); | 347 | list_add(&p->mnt_list, &kill); |
348 | p->mnt_namespace = NULL; | ||
348 | } | 349 | } |
349 | 350 | ||
350 | while (!list_empty(&kill)) { | 351 | while (!list_empty(&kill)) { |
@@ -1449,15 +1450,8 @@ void __init mnt_init(unsigned long mempages) | |||
1449 | 1450 | ||
1450 | void __put_namespace(struct namespace *namespace) | 1451 | void __put_namespace(struct namespace *namespace) |
1451 | { | 1452 | { |
1452 | struct vfsmount *mnt; | ||
1453 | |||
1454 | down_write(&namespace->sem); | 1453 | down_write(&namespace->sem); |
1455 | spin_lock(&vfsmount_lock); | 1454 | spin_lock(&vfsmount_lock); |
1456 | |||
1457 | list_for_each_entry(mnt, &namespace->list, mnt_list) { | ||
1458 | mnt->mnt_namespace = NULL; | ||
1459 | } | ||
1460 | |||
1461 | umount_tree(namespace->root); | 1455 | umount_tree(namespace->root); |
1462 | spin_unlock(&vfsmount_lock); | 1456 | spin_unlock(&vfsmount_lock); |
1463 | up_write(&namespace->sem); | 1457 | up_write(&namespace->sem); |