From 7a238fcba0629b6f2edbcd37458bae56fcf36be5 Mon Sep 17 00:00:00 2001 From: "Serge E. Hallyn" Date: Mon, 29 Jan 2007 13:19:40 -0800 Subject: [PATCH] namespaces: fix exit race by splitting exit Fix exit race by splitting the nsproxy putting into two pieces. First piece reduces the nsproxy refcount. If we dropped the last reference, then it puts the mnt_ns, and returns the nsproxy as a hint to the caller. Else it returns NULL. The second piece of exiting task namespaces sets tsk->nsproxy to NULL, and drops the references to other namespaces and frees the nsproxy only if an nsproxy was passed in. A little awkward and should probably be reworked, but hopefully it fixes the NFS oops. Signed-off-by: Serge E. Hallyn Cc: Herbert Poetzl Cc: Oleg Nesterov Cc: "Eric W. Biederman" Cc: Cedric Le Goater Cc: Daniel Hokka Zakrisson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- include/linux/nsproxy.h | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'include/linux/nsproxy.h') diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h index 0b9f0dc30d6..678e1d38eff 100644 --- a/include/linux/nsproxy.h +++ b/include/linux/nsproxy.h @@ -35,22 +35,30 @@ struct nsproxy *dup_namespaces(struct nsproxy *orig); int copy_namespaces(int flags, struct task_struct *tsk); void get_task_namespaces(struct task_struct *tsk); void free_nsproxy(struct nsproxy *ns); +struct nsproxy *put_nsproxy(struct nsproxy *ns); -static inline void put_nsproxy(struct nsproxy *ns) +static inline void finalize_put_nsproxy(struct nsproxy *ns) { - if (atomic_dec_and_test(&ns->count)) { + if (ns) free_nsproxy(ns); - } } -static inline void exit_task_namespaces(struct task_struct *p) +static inline void put_and_finalize_nsproxy(struct nsproxy *ns) { - struct nsproxy *ns = p->nsproxy; - if (ns) { - task_lock(p); - p->nsproxy = NULL; - task_unlock(p); - put_nsproxy(ns); - } + finalize_put_nsproxy(put_nsproxy(ns)); +} + +static inline struct nsproxy *preexit_task_namespaces(struct task_struct *p) +{ + return put_nsproxy(p->nsproxy); +} + +static inline void exit_task_namespaces(struct task_struct *p, + struct nsproxy *ns) +{ + task_lock(p); + p->nsproxy = NULL; + task_unlock(p); + finalize_put_nsproxy(ns); } #endif -- cgit v1.2.3-70-g09d2