Re: + pidns-remove-recursion-from-free_pid_ns-v3.patch added to -mm tree

Tue, 09 Oct 2012 13:25:40 -0700 

On Tue, Oct 09, 2012 at 12:02:10PM -0700, Greg KH wrote:
> 
> Someone is abusing something here, please don't change the kref api to
> work around someone using it improperly.
> 
> So no, please don't apply this at all.

Greg, would this one be better?
---
From: Cyrill Gorcunov <gorcu...@openvz.org>
Subject: [PATCH] pidns: remove recursion from free_pid_ns() v4

The free_pid_ns function done in recursion fashion:

free_pid_ns(parent)
  put_pid_ns(parent)
    kref_put(&ns->kref, free_pid_ns);
      free_pid_ns

thus if there was a huge nesting of namespaces the userspace
may trigger avalanche calling of free_pid_ns leading to
kernel stack exhausting and a panic eventually.

This patch turns the recursion into iterative loop.

Based-on-patch-by: Andrew Vagin <ava...@openvz.org>
Tested-by: Andrew Vagin <ava...@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcu...@openvz.org>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Oleg Nesterov <o...@redhat.com>
Cc: "Eric W. Biederman" <ebied...@xmission.com>
Cc: Pavel Emelyanov <xe...@parallels.com>
Cc: Greg KH <g...@kroah.com>
Cc: <stable@vger.kernel.org>
---
 include/linux/pid_namespace.h |   10 ++++++++--
 kernel/pid_namespace.c        |    7 +------
 2 files changed, 9 insertions(+), 8 deletions(-)

Index: linux-2.6.git/include/linux/pid_namespace.h
===================================================================
--- linux-2.6.git.orig/include/linux/pid_namespace.h
+++ linux-2.6.git/include/linux/pid_namespace.h
@@ -53,8 +53,14 @@ extern int reboot_pid_ns(struct pid_name
 
 static inline void put_pid_ns(struct pid_namespace *ns)
 {
-       if (ns != &init_pid_ns)
-               kref_put(&ns->kref, free_pid_ns);
+       struct pid_namespace *parent;
+       int ret = 1;
+
+       while (ns != &init_pid_ns && ret) {
+               parent = ns->parent;
+               ret = kref_put(&ns->kref, free_pid_ns);
+               ns = parent;
+       }
 }
 
 #else /* !CONFIG_PID_NS */
Index: linux-2.6.git/kernel/pid_namespace.c
===================================================================
--- linux-2.6.git.orig/kernel/pid_namespace.c
+++ linux-2.6.git/kernel/pid_namespace.c
@@ -134,15 +134,10 @@ struct pid_namespace *copy_pid_ns(unsign
 
 void free_pid_ns(struct kref *kref)
 {
-       struct pid_namespace *ns, *parent;
+       struct pid_namespace *ns;
 
        ns = container_of(kref, struct pid_namespace, kref);
-
-       parent = ns->parent;
        destroy_pid_namespace(ns);
-
-       if (parent != NULL)
-               put_pid_ns(parent);
 }
 
 void zap_pid_ns_processes(struct pid_namespace *pid_ns)
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to