
Commit be50b834 authored by Dhaval Giani's avatar Dhaval Giani Committed by Linus Torvalds

kernel/user.c: fix a memory leak when freeing up non-init usernamespaces users



We were returning early in the sysfs directory cleanup function if the
user belonged to a non init usernamespace.  Due to this a lot of the
cleanup was not done and we were left with a leak.  Fix the leak.

Reported-by: default avatarSerge Hallyn <serue@linux.vnet.ibm.com>
Signed-off-by: default avatarDhaval Giani <dhaval@linux.vnet.ibm.com>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Tested-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent d58ab5cf
+7 −7
@@ -286,14 +286,12 @@ int __init uids_sysfs_init(void)
/* work function to remove sysfs directory for a user and free up
/* work function to remove sysfs directory for a user and free up
 * corresponding structures.
 * corresponding structures.
 */
 */
static void remove_user_sysfs_dir(struct work_struct *w)
static void cleanup_user_struct(struct work_struct *w)
{
{
	struct user_struct *up = container_of(w, struct user_struct, work);
	struct user_struct *up = container_of(w, struct user_struct, work);
	unsigned long flags;
	unsigned long flags;
	int remove_user = 0;
	int remove_user = 0;


	if (up->user_ns != &init_user_ns)
		return;
	/* Make uid_hash_remove() + sysfs_remove_file() + kobject_del()
	/* Make uid_hash_remove() + sysfs_remove_file() + kobject_del()
	 * atomic.
	 * atomic.
	 */
	 */
@@ -312,9 +310,11 @@ static void remove_user_sysfs_dir(struct work_struct *w)
	if (!remove_user)
	if (!remove_user)
		goto done;
		goto done;


	if (up->user_ns == &init_user_ns) {
		kobject_uevent(&up->kobj, KOBJ_REMOVE);
		kobject_uevent(&up->kobj, KOBJ_REMOVE);
		kobject_del(&up->kobj);
		kobject_del(&up->kobj);
		kobject_put(&up->kobj);
		kobject_put(&up->kobj);
	}


	sched_destroy_user(up);
	sched_destroy_user(up);
	key_put(up->uid_keyring);
	key_put(up->uid_keyring);
@@ -335,7 +335,7 @@ static void free_user(struct user_struct *up, unsigned long flags)
	atomic_inc(&up->__count);
	atomic_inc(&up->__count);
	spin_unlock_irqrestore(&uidhash_lock, flags);
	spin_unlock_irqrestore(&uidhash_lock, flags);


	INIT_WORK(&up->work, remove_user_sysfs_dir);
	INIT_WORK(&up->work, cleanup_user_struct);
	schedule_work(&up->work);
	schedule_work(&up->work);
}
}
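Review bot: The guard added around the three kobject calls in cleanup_user_struct() carries no comment, and the block comment above the function still describes it only as removing a sysfs directory, so a reader has to reconstruct why the kobject teardown is conditional while `sched_destroy_user(up)` and `key_put(up->uid_keyring)` are not. Presumably only users in init_user_ns ever get a kobject registered; that creation path is not visible here, and the two conditions have to stay in step, otherwise this function either tears down a kobject that was never added or reintroduces the per-user leak the commit fixes. I would add above the `if`: `/* only init_user_ns users have a sysfs kobject; the teardown below runs for every namespace */`, and reword the header comment to say the function releases the user_struct and, for init_user_ns users, its sysfs directory. The function body continues outside the hunks shown, so the locking section between the first two hunks and the frees after `key_put()` were not reviewed.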