UBUNTU: SAUCE: fs: fix a posible leak of allocated superblock

BugLink: http://bugs.launchpad.net/bugs/1566505
We probably need to fix superblock leak in patch (v4 "fs: Add user
namesapace member to struct super_block"):

Imagine posible code path in sget_userns: we iterate through
type->fs_supers and do not find suitable sb, we drop sb_lock to
allocate s and go to retry. After we dropped sb_lock some other
task from different userns takes sb_lock, it is already in retry
stage and has s allocated, so it puts its s in type->fs_supers
list. So in retry we will find these sb in list and check it has
a different userns, and finally we will return without freeing s.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Acked-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/fs/super.c b/fs/super.c
index e97b00e8bff5d535a41fc870ee633028639a5673..bacecf183adb1b90b68b462942abc9cc2a13140e 100644 (file)
--- a/fs/super.c
+++ b/fs/super.c
@@ -474,6 +474,10 @@ retry:
                                continue;
                        if (user_ns != old->s_user_ns) {
                                spin_unlock(&sb_lock);
+                               if (s) {
+                                       up_write(&s->s_umount);
+                                       destroy_super(s);
+                               }
                                return ERR_PTR(-EBUSY);
                        }
                        if (!grab_super(old))