pidns: remove recursion from free_pid_ns()
free_pid_ns() operates in a recursive fashion: free_pid_ns(parent) put_pid_ns(parent) kref_put(&ns->kref, free_pid_ns); free_pid_ns thus if there was a huge nesting of namespaces the userspace may trigger avalanche calling of free_pid_ns leading to kernel stack exhausting and a panic eventually. This patch turns the recursion into an iterative loop. Based on a patch by Andrew Vagin. [akpm@linux-foundation.org: export put_pid_ns() to modules] Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Andrew Vagin <avagin@openvz.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
dc36d7e7cd
commit
bbc2e3ef87
@ -47,15 +47,9 @@ static inline struct pid_namespace *get_pid_ns(struct pid_namespace *ns)
|
||||
}
|
||||
|
||||
extern struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *ns);
|
||||
extern void free_pid_ns(struct kref *kref);
|
||||
extern void zap_pid_ns_processes(struct pid_namespace *pid_ns);
|
||||
extern int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd);
|
||||
|
||||
static inline void put_pid_ns(struct pid_namespace *ns)
|
||||
{
|
||||
if (ns != &init_pid_ns)
|
||||
kref_put(&ns->kref, free_pid_ns);
|
||||
}
|
||||
extern void put_pid_ns(struct pid_namespace *ns);
|
||||
|
||||
#else /* !CONFIG_PID_NS */
|
||||
#include <linux/err.h>
|
||||
|
@ -133,19 +133,26 @@ struct pid_namespace *copy_pid_ns(unsigned long flags, struct pid_namespace *old
|
||||
return create_pid_namespace(old_ns);
|
||||
}
|
||||
|
||||
void free_pid_ns(struct kref *kref)
|
||||
static void free_pid_ns(struct kref *kref)
|
||||
{
|
||||
struct pid_namespace *ns, *parent;
|
||||
struct pid_namespace *ns;
|
||||
|
||||
ns = container_of(kref, struct pid_namespace, kref);
|
||||
|
||||
parent = ns->parent;
|
||||
destroy_pid_namespace(ns);
|
||||
|
||||
if (parent != NULL)
|
||||
put_pid_ns(parent);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(free_pid_ns);
|
||||
|
||||
void put_pid_ns(struct pid_namespace *ns)
|
||||
{
|
||||
struct pid_namespace *parent;
|
||||
|
||||
while (ns != &init_pid_ns) {
|
||||
parent = ns->parent;
|
||||
if (!kref_put(&ns->kref, free_pid_ns))
|
||||
break;
|
||||
ns = parent;
|
||||
}
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(put_pid_ns);
|
||||
|
||||
void zap_pid_ns_processes(struct pid_namespace *pid_ns)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user