From: Serge Hallyn
The nsproxy was being copied in unshare() when anything was being unshared, even if it was something not referenced from nsproxy. This should end up in some cases with far more memory usage than necessary.
Signed-off-by: Serge Hallyn
Cc: Kirill Korotaev
Cc: "Eric W. Biederman"
Cc: Herbert Poetzl
Cc: Andrey Savochkin
Signed-off-by: Andrew Morton
---
kernel/fork.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff -puN kernel/fork.c~uts-copy-nsproxy-only-when-needed kernel/fork.c
--- a/kernel/fork.c~uts-copy-nsproxy-only-when-needed
+++ a/kernel/fork.c
@@ -1598,7 +1598,7 @@ asmlinkage long sys_unshare(unsigned lon
 struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL;
 struct files_struct *fd, *new_fd = NULL;
 struct sem_undo_list *new_ulist = NULL;
- struct nsproxy *new_nsproxy, *old_nsproxy;
+ struct nsproxy *new_nsproxy = NULL, *old_nsproxy = NULL;
 struct uts_namespace *uts, *new_uts = NULL;
 check_unshare_flags(&unshare_flags);
@@ -1626,18 +1626,24 @@ asmlinkage long sys_unshare(unsigned lon
 if ((err = unshare_utsname(unshare_flags, &new_uts)))
 goto bad_unshare_cleanup_semundo;
- if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist ||
- new_uts) {
-
+ if (new_ns || new_uts) {
 old_nsproxy = current->nsproxy;
 new_nsproxy = dup_namespaces(old_nsproxy);
 if (!new_nsproxy) {
 err = -ENOMEM;
 goto bad_unshare_cleanup_uts;
 }
+ }
+
+ if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist ||
+ new_uts) {
 task_lock(current);
- current->nsproxy = new_nsproxy;
+
+ if (new_nsproxy) {
+ current->nsproxy = new_nsproxy;
+ new_nsproxy = old_nsproxy;
+ }
 if (new_fs) {
 fs = current->fs;
@@ -1679,9 +1685,11 @@ asmlinkage long sys_unshare(unsigned lon
 }
 task_unlock(current);
- put_nsproxy(old_nsproxy);
 }
+ if (new_nsproxy)
+ put_nsproxy(new_nsproxy);
+
 bad_unshare_cleanup_uts:
 if (new_uts)
 put_uts_ns(new_uts);
_
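Review bot: In the second hunk, `new_nsproxy = old_nsproxy;` leaves a variable named new_nsproxy holding the old proxy once `current->nsproxy` has been switched. The `put_nsproxy(new_nsproxy)` added in the third hunk therefore releases the old proxy after an install, or the unused copy if no install happened. The reference counting looks right in the visible lines, but the name now says the opposite of what is being put, which invites a later edit that drops the proxy still installed on current. I would document the hand-over at the swap, e.g. `/* new_nsproxy now holds the old proxy; the put after task_unlock() drops it */`, and note at the final put that it sits above `bad_unshare_cleanup_uts:` on purpose, since new_nsproxy is NULL on the dup_namespaces() failure path. sys_unshare starts and ends outside these hunks, so any other error labels between the dup and the put cannot be checked from here.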