From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 16 Nov 2003 - 16:48:38 GMT
Hi All!
on my regular code reviews, I stumbled over the following
'minor' bug in switch_user_struct() ...
static inline int switch_user_struct(int new_context)
{
        struct user_struct *new_user;
        /* alloc_uid() returns the user_struct for (context, uid) with a
         * reference taken; an existing struct is returned with its
         * refcount bumped, so the caller owns that reference either way */
        new_user = alloc_uid(new_context, current->uid);
        if (!new_user)
                return -ENOMEM;
        if (new_user != current->user) {
                struct user_struct *old_user = current->user;
                atomic_inc(&new_user->processes);
                atomic_dec(&old_user->processes);
                current->user = new_user;
                free_uid(old_user);
        }
        /* new_user == current->user: the reference from alloc_uid()
         * is never dropped here */
        return 0;
}
in the unlikely case of new_user == current->user
(which IMHO only happens if you switch to the current
 context, a not very likely thing ;), the new_user
isn't freed, and this way keeps a reference to that
user_struct forever ...
the attached patch fixes this ... but I'm not
sure that anybody will ever hit this ...
best,
Herbert
--- ./kernel/signal.c.orig	Sat Nov  1 10:36:51 2003
+++ ./kernel/signal.c	Sun Nov 16 16:51:27 2003
@@ -1345,6 +1345,8 @@ static inline int switch_user_struct(int
                 current->user = new_user;
                 free_uid(old_user);
         }
+	else 
+    	    free_uid(new_user);
         return 0;
 }
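Review bot: the two added lines use inconsistent whitespace (`+	else ` carries a trailing space and `+    	    free_uid(new_user);` mixes spaces and a tab), which does not match the tab-indented context lines around them; suggest plain tab indentation, i.e. `	else` followed by `		free_uid(new_user);`. A one-line comment on the else branch (e.g. that alloc_uid() took a reference on the already-current user_struct which must be dropped) would also make the reason for the extra free_uid() obvious to the next reader, since the logic itself is correct only because alloc_uid() returns an existing struct with its refcount incremented.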
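The leak Herbert describes, modelled in user space as an added example (this is not code from the message or from the kernel; user_struct, alloc_uid(), free_uid() and the uid cache are a constructed stand-in, keyed by uid only, with a plain int refcount in place of the atomic count):

```c
#include <string.h>

/* Toy user_struct cache, constructed for this example: refcount stands in
 * for the kernel's atomic count, uid_cache for the real uid hash. */
struct user_struct { int uid; int refcount; int processes; };
struct task { struct user_struct *user; };

#define NUSERS 4
static struct user_struct uid_cache[NUSERS];

/* Like alloc_uid(): return the entry for uid (creating it if needed) and
 * take one reference on it. The caller owns that reference either way. */
static struct user_struct *alloc_uid(int uid)
{
    struct user_struct *spare = NULL;
    for (int i = 0; i < NUSERS; i++) {
        if (uid_cache[i].refcount == 0) { if (!spare) spare = &uid_cache[i]; }
        else if (uid_cache[i].uid == uid) { uid_cache[i].refcount++; return &uid_cache[i]; }
    }
    if (!spare) return NULL;
    spare->uid = uid; spare->refcount = 1; spare->processes = 0;
    return spare;
}

static void free_uid(struct user_struct *u) { if (u) u->refcount--; }

/* switch_user_struct() as posted (fixed == 0) and with the patch (fixed == 1). */
static int switch_user_struct(struct task *t, int new_uid, int fixed)
{
    struct user_struct *new_user = alloc_uid(new_uid);
    if (!new_user) return -1;
    if (new_user != t->user) {
        struct user_struct *old_user = t->user;
        new_user->processes++;
        old_user->processes--;
        t->user = new_user;
        free_uid(old_user);
    } else if (fixed) {
        free_uid(new_user);   /* drop the reference alloc_uid() just took */
    }
    return 0;
}

/* Switch a task to the user it already has, then let the task exit.
 * Returns the refcount left on the user_struct: 0 means it was released. */
int leftover_refs_after_self_switch(int fixed)
{
    memset(uid_cache, 0, sizeof uid_cache);
    struct task t = { .user = alloc_uid(1000) };   /* task holds one reference */
    t.user->processes = 1;
    switch_user_struct(&t, 1000, fixed);
    struct user_struct *u = t.user;
    free_uid(u);                                   /* task exit drops its reference */
    return u->refcount;                            /* 1 with the bug, 0 with the patch */
}
```

With the unpatched function the struct keeps one reference after the task is gone, so it can never be reclaimed; with the patch the count returns to zero.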
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver