I stumbled across this problem: when switch_uid is called,
the reference count of the new user is incremented twice. I think the
increment in the switch_uid is done because of the reparent_to_init()
function which does not increase the __count for root user.
But if switch_uid is called from any other function, the reference count
is already incremented by the caller by calling alloc_uid for the new
user. Hence the count is incremented twice. The user struct will not be
deleted even when there are no processes holding a reference count for
it. This does not cause any problem currently because nothing is
dependent on timely deletion of the user struct.
Here is a small patch to solve this problem.
Thanks and regards,
Arvind
diff -Naur linux-2.5.73/kernel/exit.c linux-2.5.73.n/kernel/exit.c
--- linux-2.5.73/kernel/exit.c 2003-06-23 00:03:15.000000000 +0530
+++ linux-2.5.73.n/kernel/exit.c 2003-07-03 10:48:32.000000000 +0530
@@ -230,6 +230,7 @@
/* signals? */
security_task_reparent_to_init(current);
memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
+ atomic_inc(&(INIT_USER->__count));
switch_uid(INIT_USER);
write_unlock_irq(&tasklist_lock);
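Review bot: the added atomic_inc(&(INIT_USER->__count)) directly before switch_uid(INIT_USER) carries no comment, and it only makes sense to a reader who already knows that switch_uid() no longer takes its own reference. Suggest a one-line comment above it saying that switch_uid() expects the caller to hold the reference on the new user, so that a later cleanup does not remove the increment as redundant.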
diff -Naur linux-2.5.73/kernel/user.c linux-2.5.73.n/kernel/user.c
--- linux-2.5.73/kernel/user.c 2003-06-23 00:02:41.000000000 +0530
+++ linux-2.5.73.n/kernel/user.c 2003-07-03 10:46:59.000000000 +0530
@@ -126,7 +126,6 @@
* we should be checking for it. -DaveM
*/
old_user = current->user;
- atomic_inc(&new_user->__count);
atomic_inc(&new_user->processes);
atomic_dec(&old_user->processes);
current->user = new_user;
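Review bot: dropping atomic_inc(&new_user->__count) changes the contract of switch_uid(), since every caller must now pass in a reference it already holds, yet the comment block that ends just above old_user = current->user is left as it was and does not mention this. Suggest stating the ownership rule in that comment, and confirming in the changelog that each remaining caller obtains new_user through alloc_uid(), because the patch adjusts only the call in kernel/exit.c.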