Revision 28f300d23674fa01ae747c66ce861d4ee6aebe8c authored by Pavel Emelyanov on 19 September 2007, 05:46:45 UTC, committed by Linus Torvalds on 19 September 2007, 18:24:18 UTC
It turned out that the user namespace is released during do_exit() in
exit_task_namespaces(), but the struct user_struct is released only during
put_task_struct(), i.e. MUCH later.

On debug kernels with poisoned slabs this will cause the oops in
uid_hash_remove() because the head of the chain, which resides inside the
struct user_namespace, will be already freed and poisoned.

Since the uid hash itself is required only when someone can search it, i.e.
when the namespace is alive, we can safely unhash all the user_struct-s from
it during the namespace exiting.  The subsequent free_uid() will complete the
user_struct destruction.

For example simple program

   #include <sched.h>

   char stack[2 * 1024 * 1024];

   int f(void *foo)
   {
   	return 0;
   }

   int main(void)
   {
   	clone(f, stack + 1 * 1024 * 1024, 0x10000000, 0);
   	return 0;
   }

run on kernel with CONFIG_USER_NS turned on will oops the
kernel immediately.

This was spotted during OpenVZ kernel testing.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Acked-by: "Serge E. Hallyn" <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 735de22
aoa-gpio.h
/*
 * Apple Onboard Audio GPIO definitions
 *
 * Copyright 2006 Johannes Berg <johannes@sipsolutions.net>
 *
 * GPL v2, can be found in COPYING.
 */

#ifndef __AOA_GPIO_H
#define __AOA_GPIO_H
#include <linux/workqueue.h>
#include <linux/mutex.h>
#include <asm/prom.h>

/*
 * Callback type for GPIO event notifications. It is invoked with the
 * opaque data pointer that was passed to set_notify together with it.
 */
typedef void (*notify_func_t)(void *data);

/*
 * Selects which event source a set_notify or get_detect call refers to.
 */
enum notify_type {
	AOA_NOTIFY_HEADPHONE,
	AOA_NOTIFY_LINE_IN,
	AOA_NOTIFY_LINE_OUT,
};

struct gpio_runtime;
/*
 * Table of function pointers through which the GPIO layer is driven.
 * Every operation receives the gpio_runtime it should act on.
 */
struct gpio_methods {
	/* for initialisation/de-initialisation of the GPIO layer */
	void (*init)(struct gpio_runtime *rt);
	void (*exit)(struct gpio_runtime *rt);

	/* turn off headphone, speakers, lineout */
	void (*all_amps_off)(struct gpio_runtime *rt);
	/* turn headphone, speakers, lineout back to previous setting */
	void (*all_amps_restore)(struct gpio_runtime *rt);

	/* switch a single output; presumably a non-zero `on` enables it
	 * and zero disables it -- confirm against the implementations */
	void (*set_headphone)(struct gpio_runtime *rt, int on);
	void (*set_speakers)(struct gpio_runtime *rt, int on);
	void (*set_lineout)(struct gpio_runtime *rt, int on);

	/* read back the state of a single output; presumably mirrors the
	 * matching set_* call -- TODO confirm the returned values */
	int (*get_headphone)(struct gpio_runtime *rt);
	int (*get_speakers)(struct gpio_runtime *rt);
	int (*get_lineout)(struct gpio_runtime *rt);

	/* presumably controls a hardware reset signal; the meaning of
	 * `on` is not visible from this header -- TODO confirm */
	void (*set_hw_reset)(struct gpio_runtime *rt, int on);

	/* Register for event notifications of the given type. The
	 * notification function is passed `data` and is called in
	 * process context by the use of schedule_work.
	 * Passing NULL as the function removes the notification.
	 * Returns 0 if the operation succeeded and -EBUSY if the
	 * notification is already assigned by someone else.
	 * NOTE(review): because the callback runs later from a work
	 * item, the function and `data` presumably have to stay valid
	 * until the notification has been removed -- confirm how the
	 * implementations handle work still pending at removal time. */
	int (*set_notify)(struct gpio_runtime *rt,
			  enum notify_type type,
			  notify_func_t notify,
			  void *data);
	/* returns 0 if not plugged in, 1 if plugged in
	 * or a negative error code */
	int (*get_detect)(struct gpio_runtime *rt,
			  enum notify_type type);
};

/*
 * State for one notification slot: the work item together with the
 * callback and data pointer that set_notify takes.
 */
struct gpio_notification {
	/* work item; per the set_notify contract the callback is run in
	 * process context by the use of schedule_work */
	struct delayed_work work;
	/* callback and its opaque argument; presumably NULL while no
	 * notification is registered -- confirm in the implementation */
	notify_func_t notify;
	void *data;
	/* opaque pointer, presumably owned by the GPIO implementation
	 * -- TODO confirm who sets and frees it */
	void *gpio_private;
	/* NOTE(review): presumably serialises changes to notify/data
	 * against the work item that calls them -- confirm that every
	 * reader and writer of those fields takes this mutex */
	struct mutex mutex;
};

/*
 * Per-instance GPIO state handed to every gpio_methods operation.
 */
struct gpio_runtime {
	/* to be assigned by fabric */
	struct device_node *node;
	/* since everyone needs this pointer anyway... */
	struct gpio_methods *methods;
	/* to be used by the gpio implementation */
	int implementation_private;
	/* one notification slot per event source; the names match the
	 * three enum notify_type values */
	struct gpio_notification headphone_notify;
	struct gpio_notification line_in_notify;
	struct gpio_notification line_out_notify;
};

#endif /* __AOA_GPIO_H */