diff options
author | Dhaval Giani <dhaval@linux.vnet.ibm.com> | 2009-03-10 15:55:56 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-03-10 18:55:11 -0400 |
commit | be50b8342dead8cacf57d4839240106b225d31f5 (patch) | |
tree | a5f40b583e4c008313b090426fa785d178348e76 /kernel | |
parent | d58ab5cf09679d8cb4824e22cae900c0eab5ab31 (diff) |
kernel/user.c: fix a memory leak when freeing up non-init usernamespaces users
We were returning early in the sysfs directory cleanup function if the
user belonged to a non init usernamespace. Due to this a lot of the
cleanup was not done and we were left with a leak. Fix the leak.
Reported-by: Serge Hallyn <serue@linux.vnet.ibm.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Tested-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/user.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/kernel/user.c b/kernel/user.c index 6a9b696128c8..fbb300e6191f 100644 --- a/kernel/user.c +++ b/kernel/user.c | |||
@@ -286,14 +286,12 @@ int __init uids_sysfs_init(void) | |||
286 | /* work function to remove sysfs directory for a user and free up | 286 | /* work function to remove sysfs directory for a user and free up |
287 | * corresponding structures. | 287 | * corresponding structures. |
288 | */ | 288 | */ |
289 | static void remove_user_sysfs_dir(struct work_struct *w) | 289 | static void cleanup_user_struct(struct work_struct *w) |
290 | { | 290 | { |
291 | struct user_struct *up = container_of(w, struct user_struct, work); | 291 | struct user_struct *up = container_of(w, struct user_struct, work); |
292 | unsigned long flags; | 292 | unsigned long flags; |
293 | int remove_user = 0; | 293 | int remove_user = 0; |
294 | 294 | ||
295 | if (up->user_ns != &init_user_ns) | ||
296 | return; | ||
297 | /* Make uid_hash_remove() + sysfs_remove_file() + kobject_del() | 295 | /* Make uid_hash_remove() + sysfs_remove_file() + kobject_del() |
298 | * atomic. | 296 | * atomic. |
299 | */ | 297 | */ |
@@ -312,9 +310,11 @@ static void remove_user_sysfs_dir(struct work_struct *w) | |||
312 | if (!remove_user) | 310 | if (!remove_user) |
313 | goto done; | 311 | goto done; |
314 | 312 | ||
315 | kobject_uevent(&up->kobj, KOBJ_REMOVE); | 313 | if (up->user_ns == &init_user_ns) { |
316 | kobject_del(&up->kobj); | 314 | kobject_uevent(&up->kobj, KOBJ_REMOVE); |
317 | kobject_put(&up->kobj); | 315 | kobject_del(&up->kobj); |
316 | kobject_put(&up->kobj); | ||
317 | } | ||
318 | 318 | ||
319 | sched_destroy_user(up); | 319 | sched_destroy_user(up); |
320 | key_put(up->uid_keyring); | 320 | key_put(up->uid_keyring); |
@@ -335,7 +335,7 @@ static void free_user(struct user_struct *up, unsigned long flags) | |||
335 | atomic_inc(&up->__count); | 335 | atomic_inc(&up->__count); |
336 | spin_unlock_irqrestore(&uidhash_lock, flags); | 336 | spin_unlock_irqrestore(&uidhash_lock, flags); |
337 | 337 | ||
338 | INIT_WORK(&up->work, remove_user_sysfs_dir); | 338 | INIT_WORK(&up->work, cleanup_user_struct); |
339 | schedule_work(&up->work); | 339 | schedule_work(&up->work); |
340 | } | 340 | } |
341 | 341 | ||