Hi All!

On my regular code reviews, I stumbled over the following 'minor' bug in switch_user_struct() ...

    static inline int switch_user_struct(int new_context)
    {
        struct user_struct *new_user;

        new_user = alloc_uid(new_context, current->uid);
        if (!new_user)
            return -ENOMEM;

        if (new_user != current->user) {
            struct user_struct *old_user = current->user;

            atomic_inc(&new_user->processes);
            atomic_dec(&old_user->processes);
            current->user = new_user;
            free_uid(old_user);
        }
        return 0;
    }

In the unlikely case of new_user == current->user (which IMHO only happens if you switch to the current context, a not very likely thing ;), the new_user isn't freed, and this way keeps a reference to that user_struct forever ...

The attached patch fixes this ... but I'm not sure that anybody will ever hit this ...

best,
Herbert

--- ./kernel/signal.c.orig Sat Nov 1 10:36:51 2003 +++ ./kernel/signal.c Sun Nov 16 16:51:27 2003 @@ -1345,6 +1345,8 @@ static inline int switch_user_struct(int current->user = new_user; free_uid(old_user); } + else + free_uid(new_user); return 0; }

_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
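Review bot: the added `else free_uid(new_user);` is the right fix for the reference alloc_uid() hands back when new_user == current->user: the task already holds its own reference through current->user, so dropping the freshly taken one only returns the count to where it was before the call and cannot free the struct out from under the task. One style point: the `+ else` is added on its own line after the context line `}` that closes the if block, so the result reads `}` / `else` / `free_uid(new_user);`; kernel style keeps `} else` on one line, or the special case could be handled up front with `if (new_user == current->user) { free_uid(new_user); return 0; }` so the main path needs no else at all.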
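A constructed user-space model of the alloc_uid()/free_uid() reference protocol, added here as an example and not code from the mail or the kernel: the one-slot-per-context cache, the `struct task` stand-in for `current` and the `fixed` switch are assumptions. It shows the refcount on the task's user_struct climbing by one per same-context switch with the original function and staying balanced once the patch is applied.

```c
/* Constructed user-space model (not kernel code) of the alloc_uid()/free_uid() reference
 * protocol, reproducing the leak in switch_user_struct() and the effect of the patch. */
#include <stdlib.h>

struct user_struct { int context, uid, refcount; };
struct task { struct user_struct *user; int uid; };
static struct user_struct *uid_cache[4];   /* stands in for the uid hash, indexed by context */

/* Find or create the entry for (context, uid). Either way the caller receives
 * one reference, which it must later drop with free_uid(). */
static struct user_struct *alloc_uid(int context, int uid)
{
    struct user_struct *u = uid_cache[context];
    if (u) { u->refcount++; return u; }           /* existing entry: take a reference */
    u = calloc(1, sizeof *u);
    if (!u) return NULL;
    u->context = context; u->uid = uid; u->refcount = 1;
    return uid_cache[context] = u;
}

static void free_uid(struct user_struct *u)
{
    if (--u->refcount == 0) { uid_cache[u->context] = NULL; free(u); }
}

/* fixed == 0 reproduces the original function, fixed == 1 applies the patch. */
static int switch_user_struct(struct task *t, int new_context, int fixed)
{
    struct user_struct *new_user = alloc_uid(new_context, t->uid);
    if (!new_user) return -1;
    if (new_user != t->user) {
        struct user_struct *old_user = t->user;
        t->user = new_user;
        free_uid(old_user);
    } else if (fixed) {
        free_uid(new_user);   /* drop the reference alloc_uid() just took */
    }
    return 0;
}

/* Switch a task to the context it already occupies n times and report the
 * refcount left on its user_struct: 1 when balanced, 1 + n when leaking. */
static int refcount_after_same_context_switches(int n, int fixed)
{
    struct task t = { .uid = 1000 };
    t.user = alloc_uid(0, t.uid);                 /* the task's one legitimate reference */
    for (int i = 0; i < n; i++) switch_user_struct(&t, 0, fixed);
    struct user_struct *u = t.user; int rc = u->refcount;
    for (int i = 0; i < rc; i++) free_uid(u);     /* reclaim the model's memory */
    return rc;
}
```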