2 files changed, 18 insertions, 4 deletions
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
index 315bcd375224..cc4f45361dbb 100644
--- a/include/linux/user_namespace.h
+++ b/include/linux/user_namespace.h
@@ -13,6 +13,7 @@ struct user_namespace {
        struct kref             kref;
        struct hlist_head       uidhash_table[UIDHASH_SZ];
        struct user_struct      *creator;
+        struct work_struct      destroyer;
 };
 extern struct user_namespace init_user_ns;
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index 79084311ee57..076c7c8215b0 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -60,12 +60,25 @@ int create_user_ns(struct cred *new)
        return 0;
 }
-void free_user_ns(struct kref *kref)
+/*
+ * Deferred destructor for a user namespace.  This is required because
+ * free_user_ns() may be called with uidhash_lock held, but we need to call
+ * back to free_uid() which will want to take the lock again.
+ */
+static void free_user_ns_work(struct work_struct *work)
 {
-        struct user_namespace *ns;
+        struct user_namespace *ns =
+                container_of(work, struct user_namespace, destroyer);
-        ns = container_of(kref, struct user_namespace, kref);
        free_uid(ns->creator);
        kfree(ns);
 }
+void free_user_ns(struct kref *kref)
+{
+        struct user_namespace *ns =
+                container_of(kref, struct user_namespace, kref);
+        INIT_WORK(&ns->destroyer, free_user_ns_work);
+        schedule_work(&ns->destroyer);
+}
 EXPORT_SYMBOL(free_user_ns);

diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 315bcd375224..cc4f45361dbb 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h
@@ -13,6 +13,7 @@ struct user_namespace {
13	struct kref kref;	13	struct kref kref;
14	struct hlist_head uidhash_table[UIDHASH_SZ];	14	struct hlist_head uidhash_table[UIDHASH_SZ];
15	struct user_struct *creator;	15	struct user_struct *creator;
		16	struct work_struct destroyer;
16	};	17	};
17		18
18	extern struct user_namespace init_user_ns;	19	extern struct user_namespace init_user_ns;


diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 79084311ee57..076c7c8215b0 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c
@@ -60,12 +60,25 @@ int create_user_ns(struct cred *new)
60	return 0;	60	return 0;
61	}	61	}
62		62
63	void free_user_ns(struct kref *kref)	63	/*
		64	* Deferred destructor for a user namespace. This is required because
		65	* free_user_ns() may be called with uidhash_lock held, but we need to call
		66	* back to free_uid() which will want to take the lock again.
		67	*/
		68	static void free_user_ns_work(struct work_struct *work)
64	{	69	{
65	struct user_namespace *ns;	70	struct user_namespace *ns =
66		71	container_of(work, struct user_namespace, destroyer);
67	ns = container_of(kref, struct user_namespace, kref);
68	free_uid(ns->creator);	72	free_uid(ns->creator);
69	kfree(ns);	73	kfree(ns);
70	}	74	}
		75
		76	void free_user_ns(struct kref *kref)
		77	{
		78	struct user_namespace *ns =
		79	container_of(kref, struct user_namespace, kref);
		80
		81	INIT_WORK(&ns->destroyer, free_user_ns_work);
		82	schedule_work(&ns->destroyer);
		83	}
71	EXPORT_SYMBOL(free_user_ns);	84	EXPORT_SYMBOL(free_user_ns);