From: Hillf Danton Date: Wed, 29 Dec 2010 13:55:28 +0000 (+0800) Subject: fix freeing user_struct in user cache X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4ef9e11d6867f88951e30db910fa015300e31871;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git fix freeing user_struct in user cache When racing on adding into user cache, the new allocated from mm slab is freed without putting user namespace. Since the user namespace is already operated by getting, putting has to be issued. Signed-off-by: Hillf Danton Acked-by: Serge Hallyn Cc: stable@kernel.org Signed-off-by: Linus Torvalds --- diff --git a/kernel/user.c b/kernel/user.c index 2c7d8d5914b..5c598ca781d 100644 --- a/kernel/user.c +++ b/kernel/user.c @@ -158,6 +158,7 @@ struct user_struct *alloc_uid(struct user_namespace *ns, uid_t uid) spin_lock_irq(&uidhash_lock); up = uid_hash_find(uid, hashent); if (up) { + put_user_ns(ns); key_put(new->uid_keyring); key_put(new->session_keyring); kmem_cache_free(uid_cachep, new);