This is a note to let you know that I've just added the patch titled
fix freeing user_struct in user cache
to the 2.6.36-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
fix-freeing-user_struct-in-user-cache.patch
and it can be found in the queue-2.6.36 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 4ef9e11d6867f88951e30db910fa015300e31871 Mon Sep 17 00:00:00 2001
From: Hillf Danton <[email protected]>
Date: Wed, 29 Dec 2010 21:55:28 +0800
Subject: fix freeing user_struct in user cache
From: Hillf Danton <[email protected]>
commit 4ef9e11d6867f88951e30db910fa015300e31871 upstream.
When racing on adding into user cache, the new allocated from mm slab
is freed without putting user namespace.
Since the user namespace is already operated by getting, putting has
to be issued.
Signed-off-by: Hillf Danton <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/user.c | 1 +
1 file changed, 1 insertion(+)
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -157,6 +157,7 @@ struct user_struct *alloc_uid(struct use
spin_lock_irq(&uidhash_lock);
up = uid_hash_find(uid, hashent);
if (up) {
+ put_user_ns(ns);
key_put(new->uid_keyring);
key_put(new->session_keyring);
kmem_cache_free(uid_cachep, new);
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.36/bonding-fix-slave-selection-bug.patch
queue-2.6.36/fix-freeing-user_struct-in-user-cache.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
