Quoting Hillf Danton ([email protected]): > When racing on adding into user cache, the new allocated from mm slab > is freed without putting user namespace. > > Since the user namespace is already operated by getting, putting has > to be issued. > > Signed-off-by: Hillf Danton <[email protected]>
which was previously > Acked-by: Serge Hallyn <[email protected]> thanks again, Hillf. > --- > > --- a/kernel/user.c 2010-11-01 19:54:12.000000000 +0800 > +++ b/kernel/user.c 2010-12-23 20:42:00.000000000 +0800 > @@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct use > spin_lock_irq(&uidhash_lock); > up = uid_hash_find(uid, hashent); > if (up) { > + put_user_ns(ns); > key_put(new->uid_keyring); > key_put(new->session_keyring); > kmem_cache_free(uid_cachep, new); _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
