pidns: remove recursion from free_pid_ns()
free_pid_ns() operates in a recursive fashion:
free_pid_ns(parent)
put_pid_ns(parent)
kref_put(&ns->kref, free_pid_ns);
free_pid_ns
thus if there was a huge nesting of namespaces the userspace may trigger
avalanche calling of free_pid_ns leading to kernel stack exhausting and a
panic eventually.
This patch turns the recursion into an iterative loop.
Based on a patch by Andrew Vagin.
[akpm@linux-foundation.org: export put_pid_ns() to modules]
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Andrew Vagin <avagin@openvz.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Cyrill Gorcunov
Linus Torvalds
parent
dc36d7e7cd
commit
bbc2e3ef87
2 changed files with 16 additions and 15 deletions
|
|
@ -47,15 +47,9 @@ static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
|
||||||
}
|
}
|
||||||
|
|
||||||
extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
|
extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
|
||||||
extern void free_pid_ns(struct kref *kref);
|
|
||||||
extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
|
extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
|
||||||
extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
|
extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
|
||||||
|
extern void put_pid_ns(struct pid_namespace *ns);
|
||||||
static inline void put_pid_ns(struct pid_namespace *ns)
|
|
||||||
{
|
|
||||||
if (ns != &init_pid_ns)
|
|
||||||
kref_put(&ns->kref, free_pid_ns);
|
|
||||||
}
|
|
||||||
|
|
||||||
#else /* !CONFIG_PID_NS */
|
#else /* !CONFIG_PID_NS */
|
||||||
#include <linux/err.h>
|
#include <linux/err.h>
|
||||||
|
|
|
||||||
|
|
@ -133,19 +133,26 @@ struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *old
|
||||||
return create_pid_namespace(old_ns);
|
return create_pid_namespace(old_ns);
|
||||||
}
|
}
|
||||||
|
|
||||||
void free_pid_ns(struct kref *kref)
|
static void free_pid_ns(struct kref *kref)
|
||||||
{
|
{
|
||||||
struct pid_namespace *ns, *parent;
|
struct pid_namespace *ns;
|
||||||
|
|
||||||
ns = container_of(kref, struct pid_namespace, kref);
|
ns = container_of(kref, struct pid_namespace, kref);
|
||||||
|
|
||||||
parent = ns->parent;
|
|
||||||
destroy_pid_namespace(ns);
|
destroy_pid_namespace(ns);
|
||||||
|
|
||||||
if (parent != NULL)
|
|
||||||
put_pid_ns(parent);
|
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(free_pid_ns);
|
|
||||||
|
void put_pid_ns(struct pid_namespace *ns)
|
||||||
|
{
|
||||||
|
struct pid_namespace *parent;
|
||||||
|
|
||||||
|
while (ns != &init_pid_ns) {
|
||||||
|
parent = ns->parent;
|
||||||
|
if (!kref_put(&ns->kref, free_pid_ns))
|
||||||
|
break;
|
||||||
|
ns = parent;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(put_pid_ns);
|
||||||
|
|
||||||
void zap_pid_ns_processes(struct pid_namespace *pid_ns)
|
void zap_pid_ns_processes(struct pid_namespace *pid_ns)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue