bsdacct: use del_timer_sync() in acct_exit_ns()
acct_exit_ns --> acct_file_reopen deletes the timer without checking timer
execution on other CPUs.  So acct_timeout() can change unmapped memory.

Signed-off-by: Vitaliy Gusev <vgusev@openvz.org>
Cc: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Vitaliy Gusev authored and Linus Torvalds committed May 12, 2010
1 parent ab941e0 commit 11cad32
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions kernel/acct.c
Expand Up @@ -353,17 +353,18 @@ void acct_auto_close(struct super_block *sb)

void acct_exit_ns(struct pid_namespace *ns)
{
struct bsd_acct_struct *acct;
struct bsd_acct_struct *acct = ns->bacct;

spin_lock(&acct_lock);
acct = ns->bacct;
if (acct != NULL) {
if (acct->file != NULL)
acct_file_reopen(acct, NULL, NULL);
if (acct == NULL)
return;

kfree(acct);
}
del_timer_sync(&acct->timer);
spin_lock(&acct_lock);
if (acct->file != NULL)
acct_file_reopen(acct, NULL, NULL);
spin_unlock(&acct_lock);

kfree(acct);
}

/*
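
Review bot: The gap between del_timer_sync(&acct->timer) and the following spin_lock(&acct_lock) is unguarded, and ns->bacct is now read in the declaration before acct_lock is taken, whereas the old code read it under the lock. The fix therefore depends on nothing else being able to re-arm acct->timer or change ns->bacct while acct_exit_ns() runs, and the hunk does not show what guarantees that. Please add a short comment above del_timer_sync() stating the invariant relied on and why the call is made before acct_lock is taken, so that a later change does not move it back under the lock or fall back to a non-synchronous timer delete ahead of kfree(acct).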