From: Andrew Morton <akpm@linux-foundation.org>
To: Andrew Vagin <avagin@openvz.org>
Cc: linux-kernel@vger.kernel.org, criu@openvz.org,
Pavel Emelyanov <xemul@parallels.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Greg KH <greg@kroah.com>
Subject: Re: [PATCH] pidns: remove recursion from free_pid_ns (v3)
Date: Tue, 9 Oct 2012 11:48:21 -0700 [thread overview]
Message-ID: <20121009114821.dc4c2aff.akpm@linux-foundation.org> (raw)
In-Reply-To: <1349553393-902065-1-git-send-email-avagin@openvz.org>
On Sat, 6 Oct 2012 23:56:33 +0400
Andrew Vagin <avagin@openvz.org> wrote:
> Here is a stack trace of recursion:
> free_pid_ns(parent)
> put_pid_ns(parent)
> kref_put(&ns->kref, free_pid_ns);
> free_pid_ns
>
> This patch turns recursion into loops.
>
> pidns can be nested many times, so in case of recursion
> a simple user space program can provoke a kernel panic
> due to exceed of a kernel stack.
So we should backport this into earlier kernels.
> --- a/include/linux/kref.h
> +++ b/include/linux/kref.h
> @@ -95,6 +95,18 @@ static inline int kref_put(struct kref *kref, void (*release)(struct kref *kref)
> return kref_sub(kref, 1, release);
> }
>
> +/**
> + * kref_put - decrement refcount for object.
> + * @kref: object.
> + *
> + * Decrement the refcount.
> + * Return 1 if refcount is zero.
> + */
> +static inline int __kref_put(struct kref *kref)
> +{
> + return atomic_dec_and_test(&kref->refcount);
> +}
Greg might be interested in this.
It's a pretty specialised thing and perhaps it needs some stern words
in the description explaining when and why it should and shouldn't be
used.
I wonder if people might (ab)use this to avoid the "doesn't
have a release function" warning.
> static inline int kref_put_mutex(struct kref *kref,
> void (*release)(struct kref *kref),
> struct mutex *lock)
> diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
> index 6144bab..b051fa6 100644
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -138,11 +138,19 @@ void free_pid_ns(struct kref *kref)
>
> ns = container_of(kref, struct pid_namespace, kref);
>
> - parent = ns->parent;
> - destroy_pid_namespace(ns);
> + while (1) {
> + parent = ns->parent;
> + destroy_pid_namespace(ns);
>
> - if (parent != NULL)
> - put_pid_ns(parent);
> + if (parent == &init_pid_ns)
> + break;
> +
> + /* kref_put cannot be used for avoiding recursion */
> + if (__kref_put(&parent->kref) == 0)
> + break;
> +
> + ns = parent;
> + }
> }
>
> void zap_pid_ns_processes(struct pid_namespace *pid_ns)
next prev parent reply other threads:[~2012-10-09 18:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-06 19:56 [PATCH] pidns: remove recursion from free_pid_ns (v3) Andrew Vagin
2012-10-09 18:48 ` Andrew Morton [this message]
2012-10-09 19:03 ` Greg KH
2012-10-09 19:08 ` Andrew Morton
2012-10-10 7:49 ` Greg KH
2012-10-10 9:12 ` Xiaotian Feng
2012-10-10 9:18 ` Xiaotian Feng
2012-10-10 9:21 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121009114821.dc4c2aff.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=avagin@openvz.org \
--cc=criu@openvz.org \
--cc=ebiederm@xmission.com \
--cc=gorcunov@openvz.org \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.