When racing on adding into the user cache, the new one allocated from the mm slab
is freed without putting the user namespace.

Since the user namespace is already operated by getting, putting has
to be issued.

Signed-off-by: Hillf Danton <[email protected]>
---

--- a/kernel/user.c     2010-11-01 19:54:12.000000000 +0800
+++ b/kernel/user.c     2010-12-23 20:42:00.000000000 +0800
@@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct use
                spin_lock_irq(&uidhash_lock);
                up = uid_hash_find(uid, hashent);
                if (up) {
+                       put_user_ns(ns);
                        key_put(new->uid_keyring);
                        key_put(new->session_keyring);
                        kmem_cache_free(uid_cachep, new);
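
Review bot: The added put_user_ns(ns) in the if (up) branch balances a reference whose acquisition is not visible in this hunk, so the changelog should name the call in alloc_uid() that takes it, letting a reader confirm that this race path is the only one that frees `new` without the put. The put is issued on `ns`, while the neighbouring cleanup releases fields of `new` (new->uid_keyring, new->session_keyring); if the reference is stored in `new`, dropping it through that field would make the get/put pairing obvious. The call also sits after spin_lock_irq(&uidhash_lock) in the visible lines, so it is worth confirming that dropping what may be the final reference is safe with that lock held and interrupts disabled.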
