[PATCH] bsdacct: delete timer with sync intension

From: Vitaliy Gusev
Date: Thu Mar 25 2010 - 10:30:17 EST

Next message: Pavel Machek: "Re: [PATCH] staging: winbond: wb35reg.c Coding style fixes v2."
Previous message: Pavel Machek: "Re: [RFC 03/15] PM / Hibernate: separate block_io"
Next in thread: Andrew Morton: "Re: [PATCH] bsdacct: delete timer with sync intension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

acct_exit_ns --> acct_file_reopen deletes timer without
check timer execution on other CPUs. So acct_timeout() can
change an unmapped memory.

Signed-off-by: Vitaliy Gusev <vgusev@xxxxxxxxxx>

---
kernel/acct.c | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/kernel/acct.c b/kernel/acct.c
index a6605ca..6ac80ca 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -353,17 +353,18 @@ restart:

void acct_exit_ns(struct pid_namespace *ns)
{
- struct bsd_acct_struct *acct;
+ struct bsd_acct_struct *acct = ns->bacct;

- spin_lock(&acct_lock);
- acct = ns->bacct;
- if (acct != NULL) {
- if (acct->file != NULL)
- acct_file_reopen(acct, NULL, NULL);
+ if (acct == NULL)
+ return;

- kfree(acct);
- }
+ del_timer_sync(&acct->timer);
+ spin_lock(&acct_lock);
+ if (acct->file != NULL)
+ acct_file_reopen(acct, NULL, NULL);
spin_unlock(&acct_lock);
+
+ kfree(acct);
}

/*
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: [PATCH] staging: winbond: wb35reg.c Coding style fixes v2."
Previous message: Pavel Machek: "Re: [RFC 03/15] PM / Hibernate: separate block_io"
Next in thread: Andrew Morton: "Re: [PATCH] bsdacct: delete timer with sync intension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]