summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorHillf Danton <dhillf@gmail.com>2010-12-29 14:55:28 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2010-12-29 20:31:38 +0100
commit4ef9e11d6867f88951e30db910fa015300e31871 (patch)
tree5533f5cb2c7a054db9784b48e0b8484d5060f7d7 /kernel
parentLinux 2.6.37-rc8 (diff)
downloadlinux-4ef9e11d6867f88951e30db910fa015300e31871.tar.xz
linux-4ef9e11d6867f88951e30db910fa015300e31871.zip
fix freeing user_struct in user cache
When racing on adding into user cache, the new allocated from mm slab is freed without putting user namespace. Since the user namespace is already operated by getting, putting has to be issued. Signed-off-by: Hillf Danton <dhillf@gmail.com> Acked-by: Serge Hallyn <serge@hallyn.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/user.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/user.c b/kernel/user.c
index 2c7d8d5914b1..5c598ca781df 100644
--- a/kernel/user.c
+++ b/kernel/user.c
@@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid)
spin_lock_irq(&uidhash_lock);
up = uid_hash_find(uid, hashent);
if (up) {
+ put_user_ns(ns);
key_put(new->uid_keyring);
key_put(new->session_keyring);
kmem_cache_free(uid_cachep, new);