From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gao feng Subject: Re: [PATCH] namespace:unmount pid_namespace's proc_mnt when copy_net_ns failed Date: Fri, 02 Nov 2012 15:33:15 +0800 Message-ID: <5093773B.5010706@cn.fujitsu.com> References: <1351816703-8805-1-git-send-email-gaofeng@cn.fujitsu.com> <87ehkcij1a.fsf@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <87ehkcij1a.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: "Eric W. Biederman" Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: containers.vger.kernel.org 5LqOIDIwMTLlubQxMeaciDAy5pelIDE1OjAyLCBFcmljIFcuIEJpZWRlcm1hbiDlhpnpgZM6Cj4g R2FvIGZlbmcgPGdhb2ZlbmdAY24uZnVqaXRzdS5jb20+IHdyaXRlczoKPiAKPj4gd2Ugc2hvdWxk IGNhbGwgcGlkX25zX3JlbGVhc2VfcHJvYyB0byB1bm1vdW50IHBpZF9uYW1lc3BhY2Uncwo+PiBw cm9jX21udCB3aGVuIGNvcHlfbmV0X25zIGZhaWxlZCBpbiBmdW5jdGlvbiBjcmVhdGVfbmV3X25h bWVzcGFjZXMuCj4+Cj4+IG90aGVyd2lzZSx0aGUgcHJvY19tbnQgd2lsbCBub3QgYmUgZnJlZWQg YW5kIGJlY2F1c2UgdGhlIHN1cGVyX2Jsb2NrCj4+IG9mIHByb2NfbW50IGFsc28gYWRkIHRoZSBy ZWZlcmVuY2Ugb2YgdGhlIHBpZF9uYW1lc3BhY2Usc28gdGhpcwo+PiBwaWRfbmFtZXNwYWNlIHdp bGwgbmV2ZXIgYmUgcmVsZWFzZWQgdG9vLgo+IAo+IE91Y2ghCj4gCj4gSGF2ZSB5b3UgZW5jb3Vu dGVyZWQgdGhpcyBmYWlsdXJlIGluIHByYWN0aWNlIG9yIGlzIHRoaXMganVzdCBmcm9tCj4gcmV2 aWV3PwoKSSBhZGQgc29tZSBwcmludGsgaW4gcGlkX25zX3JlbGVhc2VfcHJvYyxpdCdzIG5vdCBj YWxsZWQgaW4gYWJvdmUgY2FzZS4Kd2hlbiBjb3B5X25ldF9ucyBmYWlsZWQsdGhpcyBwaWRfbmFt ZXNwYWNlIGlzIG5vdCB1c2VkIGJ5IGFueSB0YXNrLApzbyBwcm9jX2ZsdXNoX3Rhc2sgY2FuJ3Qg Y2FsbCBwaWRfbnNfcmVsZWFzZV9wcm9jIHRvIHVtb3VudCB0aGlzIHBpZG5zLT5wcm9jX21udC4K aXQncyB0aGUgb25seSBjaGFuY2Ugd2UgY2FuIHVubW91bnQgdGhpcyBwaW5kbnMtPnByb2NfbW50 LgoKV2l0aCB0aGlzIHBhdGNoLGV2ZXJ5dGhpbmcgcnVucyB3ZWxsLgoKVGhhbmtzCkdhbwoKPiAK PiBJJ20gdHJ5aW5nIHRvIGdhdWdlIHRoZSBzZXZlcml0eSBvZiB0aGlzIGxlYWsuCj4gCj4gRXJp Ywo+IAo+IAo+PiBTaWduZWQtb2ZmLWJ5OiBHYW8gZmVuZyA8Z2FvZmVuZ0Bjbi5mdWppdHN1LmNv bT4KPj4gLS0tCj4+ICBrZXJuZWwvbnNwcm94eS5jIHwgICAgNSArKysrLQo+PiAgMSBmaWxlcyBj aGFuZ2VkLCA0IGluc2VydGlvbnMoKyksIDEgZGVsZXRpb25zKC0pCj4+Cj4+IGRpZmYgLS1naXQg YS9rZXJuZWwvbnNwcm94eS5jIGIva2VybmVsL25zcHJveHkuYwo+PiBpbmRleCBiNTc2ZjdmLi5k NTM2NDgwIDEwMDY0NAo+PiAtLS0gYS9rZXJuZWwvbnNwcm94eS5jCj4+ICsrKyBiL2tlcm5lbC9u c3Byb3h5LmMKPj4gQEAgLTk5LDggKzk5LDExIEBAIHN0YXRpYyBzdHJ1Y3QgbnNwcm94eSAqY3Jl YXRlX25ld19uYW1lc3BhY2VzKHVuc2lnbmVkIGxvbmcgZmxhZ3MsCj4+ICAJcmV0dXJuIG5ld19u c3A7Cj4+ICAKPj4gIG91dF9uZXQ6Cj4+IC0JaWYgKG5ld19uc3AtPnBpZF9ucykKPj4gKwlpZiAo bmV3X25zcC0+cGlkX25zKSB7Cj4+ICsJCWlmIChmbGFncyAmIENMT05FX05FV1BJRCkKPj4gKwkJ CXBpZF9uc19yZWxlYXNlX3Byb2MobmV3X25zcC0+cGlkX25zKTsKPj4gIAkJcHV0X3BpZF9ucyhu ZXdfbnNwLT5waWRfbnMpOwo+PiArCX0KPj4gIG91dF9waWQ6Cj4+ICAJaWYgKG5ld19uc3AtPmlw Y19ucykKPj4gIAkJcHV0X2lwY19ucyhuZXdfbnNwLT5pcGNfbnMpOwo+IC0tCj4gVG8gdW5zdWJz Y3JpYmUgZnJvbSB0aGlzIGxpc3Q6IHNlbmQgdGhlIGxpbmUgInVuc3Vic2NyaWJlIGxpbnV4LWtl cm5lbCIgaW4KPiB0aGUgYm9keSBvZiBhIG1lc3NhZ2UgdG8gbWFqb3Jkb21vQHZnZXIua2VybmVs Lm9yZwo+IE1vcmUgbWFqb3Jkb21vIGluZm8gYXQgIGh0dHA6Ly92Z2VyLmtlcm5lbC5vcmcvbWFq b3Jkb21vLWluZm8uaHRtbAo+IFBsZWFzZSByZWFkIHRoZSBGQVEgYXQgIGh0dHA6Ly93d3cudHV4 Lm9yZy9sa21sLwo+IAoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18KQ29udGFpbmVycyBtYWlsaW5nIGxpc3QKQ29udGFpbmVyc0BsaXN0cy5saW51eC1mb3Vu ZGF0aW9uLm9yZwpodHRwczovL2xpc3RzLmxpbnV4Zm91bmRhdGlvbi5vcmcvbWFpbG1hbi9saXN0 aW5mby9jb250YWluZXJz From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754582Ab2KBHdb (ORCPT ); Fri, 2 Nov 2012 03:33:31 -0400 Received: from cn.fujitsu.com ([222.73.24.84]:3499 "EHLO song.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1753188Ab2KBHda convert rfc822-to-8bit (ORCPT ); Fri, 2 Nov 2012 03:33:30 -0400 X-IronPort-AV: E=Sophos;i="4.80,698,1344182400"; d="scan'208";a="6123662" Message-ID: <5093773B.5010706@cn.fujitsu.com> Date: Fri, 02 Nov 2012 15:33:15 +0800 From: Gao feng User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120911 Thunderbird/15.0.1 MIME-Version: 1.0 To: "Eric W. Biederman" CC: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org Subject: Re: [PATCH] namespace:unmount pid_namespace's proc_mnt when copy_net_ns failed References: <1351816703-8805-1-git-send-email-gaofeng@cn.fujitsu.com> <87ehkcij1a.fsf@xmission.com> In-Reply-To: <87ehkcij1a.fsf@xmission.com> X-MIMETrack: Itemize by SMTP Server on mailserver/fnst(Release 8.5.3|September 15, 2011) at 2012/11/02 15:32:40, Serialize by Router on mailserver/fnst(Release 8.5.3|September 15, 2011) at 2012/11/02 15:32:41 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 于 2012年11月02日 15:02, Eric W. Biederman 写道: > Gao feng writes: > >> we should call pid_ns_release_proc to unmount pid_namespace's >> proc_mnt when copy_net_ns failed in function create_new_namespaces. >> >> otherwise,the proc_mnt will not be freed and because the super_block >> of proc_mnt also add the reference of the pid_namespace,so this >> pid_namespace will never be released too. > > Ouch! > > Have you encountered this failure in practice or is this just from > review? I add some printk in pid_ns_release_proc,it's not called in above case. when copy_net_ns failed,this pid_namespace is not used by any task, so proc_flush_task can't call pid_ns_release_proc to umount this pidns->proc_mnt. it's the only chance we can unmount this pindns->proc_mnt. With this patch,everything runs well. Thanks Gao > > I'm trying to gauge the severity of this leak. > > Eric > > >> Signed-off-by: Gao feng >> --- >> kernel/nsproxy.c | 5 ++++- >> 1 files changed, 4 insertions(+), 1 deletions(-) >> >> diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c >> index b576f7f..d536480 100644 >> --- a/kernel/nsproxy.c >> +++ b/kernel/nsproxy.c >> @@ -99,8 +99,11 @@ static struct nsproxy *create_new_namespaces(unsigned long flags, >> return new_nsp; >> >> out_net: >> - if (new_nsp->pid_ns) >> + if (new_nsp->pid_ns) { >> + if (flags & CLONE_NEWPID) >> + pid_ns_release_proc(new_nsp->pid_ns); >> put_pid_ns(new_nsp->pid_ns); >> + } >> out_pid: >> if (new_nsp->ipc_ns) >> put_ipc_ns(new_nsp->ipc_ns); > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ >