bsdacct: use del_timer_sync() in acct_exit_ns()
acct_exit_ns --> acct_file_reopen deletes timer without check timer execution on other CPUs. So acct_timeout() can change an unmapped memory. Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Cc: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
ab941e0fff
commit
11cad320a4
1 changed files with 9 additions and 8 deletions
|
@ -353,17 +353,18 @@ void acct_auto_close(struct super_block *sb)
|
|||
|
||||
void acct_exit_ns(struct pid_namespace *ns)
|
||||
{
|
||||
struct bsd_acct_struct *acct;
|
||||
struct bsd_acct_struct *acct = ns->bacct;
|
||||
|
||||
if (acct == NULL)
|
||||
return;
|
||||
|
||||
del_timer_sync(&acct->timer);
|
||||
spin_lock(&acct_lock);
|
||||
acct = ns->bacct;
|
||||
if (acct != NULL) {
|
||||
if (acct->file != NULL)
|
||||
acct_file_reopen(acct, NULL, NULL);
|
||||
|
||||
kfree(acct);
|
||||
}
|
||||
if (acct->file != NULL)
|
||||
acct_file_reopen(acct, NULL, NULL);
|
||||
spin_unlock(&acct_lock);
|
||||
|
||||
kfree(acct);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in a new issue