PATCH] fix current->user->__count leak for processes

PATCH] fix current->user->__count leak for processes

[Arvind Kandhare]

Hi, 
I am trying to test a patch for limiting maximum number of users on the
system(refer: [RFC][PATCH 2.5.70] Dynamically tunable maxusers, maxuprc
and max_pt_cnt on 06 Jun 2003). 

I stumbled across this problem : when switch_uid is called, 
the reference count of the new user is incremented twice. I think the
increment in the switch_uid is done because of the reparent_to_init()
function which does not increase the __count for root user. 

But if switch_uid is called from any other function, the reference count
is already incremented by the caller by calling alloc_uid for the new
user. Hence the count is incremented twice. The user struct will not be
deleted even when there are no processes holding a reference count for
it. This does not cause any problem currently because nothing is
dependent on timely deletion of the user struct. 

Here is a small patch to solve this problem. 

Thanks and regards, 
Arvind 

diff -Naur linux-2.5.73/kernel/exit.c linux-2.5.73.n/kernel/exit.c
--- linux-2.5.73/kernel/exit.c	2003-06-23 00:03:15.000000000 +0530
+++ linux-2.5.73.n/kernel/exit.c	2003-07-03 10:48:32.000000000 +0530
@@ -230,6 +230,7 @@
 	/* signals? */
 	security_task_reparent_to_init(current);
 	memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
+	atomic_inc(&(INIT_USER->__count));
 	switch_uid(INIT_USER);
 
 	write_unlock_irq(&tasklist_lock);
diff -Naur linux-2.5.73/kernel/user.c linux-2.5.73.n/kernel/user.c
--- linux-2.5.73/kernel/user.c	2003-06-23 00:02:41.000000000 +0530
+++ linux-2.5.73.n/kernel/user.c	2003-07-03 10:46:59.000000000 +0530
@@ -126,7 +126,6 @@
 	 * we should be checking for it.  -DaveM
 	 */
 	old_user = current->user;
-	atomic_inc(&new_user->__count);
 	atomic_inc(&new_user->processes);
 	atomic_dec(&old_user->processes);
 	current->user = new_user;