tree 82c1f7b4b97d5b31654157a8f427a5c8d546504f
parent 6f50142e4b092a469920a0008fc23121c3d99f2f
author Miklos Szeredi <[EMAIL PROTECTED]> Fri, 08 Jul 2005 07:57:22 -0700
committer Linus Torvalds <[EMAIL PROTECTED]> Fri, 08 Jul 2005 08:23:51 -0700
[PATCH] namespace.c: fix mnt_namespace clearing
This patch clears mnt_namespace on unmount.
Not clearing mnt_namespace has two effects:
1) It is possible to attach a new mount to a detached mount,
because check_mnt() returns true.
This means, that when no other references to the detached mount
remain, it still can't be freed. This causes a resource leak,
and possibly un-removable modules.
2) If mnt_namespace is dereferenced (only in mark_mounts_for_expiry())
after the namspace has been freed, it can cause an Oops, memory
corruption, etc.
1) has been tested before and after the patch, 2) is only speculation.
Signed-off-by: Miklos Szeredi <[EMAIL PROTECTED]>
Acked-by: Christoph Hellwig <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
fs/namespace.c | 8 +-------
1 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -345,6 +345,7 @@ static void umount_tree(struct vfsmount
for (p = mnt; p; p = next_mnt(p, mnt)) {
list_del(&p->mnt_list);
list_add(&p->mnt_list, &kill);
+ p->mnt_namespace = NULL;
}
while (!list_empty(&kill)) {
@@ -1449,15 +1450,8 @@ void __init mnt_init(unsigned long mempa
void __put_namespace(struct namespace *namespace)
{
- struct vfsmount *mnt;
-
down_write(&namespace->sem);
spin_lock(&vfsmount_lock);
-
- list_for_each_entry(mnt, &namespace->list, mnt_list) {
- mnt->mnt_namespace = NULL;
- }
-
umount_tree(namespace->root);
spin_unlock(&vfsmount_lock);
up_write(&namespace->sem);
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
