From: Cedric Le Goater <clg@fr.ibm.com>

make-access-to-tasks-nsproxy-lighter.patch breaks unshare()

When called from unshare(), switch_task_namespaces() takes an extra
refcount on the nsproxy, leading to a memory leak of nsproxy objects.

Now the problem is that we still need that extra ref when called
from daemonize(). Here's an ugly fix for it.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Cc: Serge E. Hallyn <serue@us.ibm.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 include/linux/nsproxy.h |    5 +++++
 kernel/exit.c           |    5 ++++-
 kernel/nsproxy.c        |    9 ---------
 3 files changed, 9 insertions(+), 10 deletions(-)

diff -puN include/linux/nsproxy.h~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare include/linux/nsproxy.h
--- a/include/linux/nsproxy.h~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare
+++ a/include/linux/nsproxy.h
@@ -76,6 +76,11 @@ static inline void put_nsproxy(struct ns
 	}
 }
 
+static inline void get_nsproxy(struct nsproxy *ns)
+{
+	atomic_inc(&ns->count);
+}
+
 #ifdef CONFIG_CGROUP_NS
 int ns_cgroup_clone(struct task_struct *tsk);
 #else
diff -puN kernel/exit.c~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare kernel/exit.c
--- a/kernel/exit.c~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare
+++ a/kernel/exit.c
@@ -399,7 +399,10 @@ void daemonize(const char *name, ...)
 	current->fs = fs;
 	atomic_inc(&fs->count);
 
-	switch_task_namespaces(current, init_task.nsproxy);
+	if (current->nsproxy != init_task.nsproxy) {
+		get_nsproxy(init_task.nsproxy);
+		switch_task_namespaces(current, init_task.nsproxy);
+	}
 
  	exit_files(current);
 	current->files = init_task.files;
diff -puN kernel/nsproxy.c~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare kernel/nsproxy.c
--- a/kernel/nsproxy.c~make-access-to-tasks-nsproxy-lighterpatch-breaks-unshare
+++ a/kernel/nsproxy.c
@@ -25,11 +25,6 @@ static struct kmem_cache *nsproxy_cachep
 
 struct nsproxy init_nsproxy = INIT_NSPROXY(init_nsproxy);
 
-static inline void get_nsproxy(struct nsproxy *ns)
-{
-	atomic_inc(&ns->count);
-}
-
 /*
  * creates a copy of "orig" with refcount 1.
  */
@@ -204,11 +199,7 @@ void switch_task_namespaces(struct task_
 	might_sleep();
 
 	ns = p->nsproxy;
-	if (ns == new)
-		return;
 
-	if (new)
-		get_nsproxy(new);
 	rcu_assign_pointer(p->nsproxy, new);
 
 	if (ns && atomic_dec_and_test(&ns->count)) {
_