From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Serge E. Hallyn" Subject: Re: namespaces?: bug at mm/slub.c:2750 Date: Wed, 11 Feb 2009 11:24:16 -0600 Message-ID: <20090211172416.GA30756@us.ibm.com> References: <20090211163753.GA29372@us.ibm.com> <20090206113556.GA3161@alice> <20090206161518.81e7d42c.akpm@linux-foundation.org> <19f34abd0902102355o5bf51096o9aa3737e87104fb9@mail.gmail.com> <20090211000740.f1de7cec.akpm@linux-foundation.org> <19f34abd0902110248n22f8de12lccfa99faafafb942@mail.gmail.com> <1538.1234371764@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <1538.1234371764-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: David Howells Cc: Dhaval Giani , Vegard Nossum , Eric Sesterhenn , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org, Andrew Morton , Peter Zijlstra List-Id: containers.vger.kernel.org Quoting David Howells (dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org): > Serge E. Hallyn wrote: > > > static void uid_hash_remove(struct user_struct *up) > > { > > + put_user_ns(up->user_ns); > > hlist_del_init(&up->uidhash_node); > > } > > Don't you need to do the hlist_del_init() first? Otherwise, mightn't the > put_user_ns() cause the namespace to be freed before hlist_del_init() removes > the user_struct from it? It's called under uidhash_lock spinlock so should be ok, but in principle you're right so it's probably a good idea. The main point is that without this patch, put_user_ns is done before the hlist_del_init and *not* atomically under uidhash_lock. thanks, -serge