[PATCH] workqueue: Fix double kfree(rescuer) in destroy_workqueue()

From: qiang.zhang
Date: Sun May 24 2020 - 05:15:22 EST

Next message: Alexandre Ghiti: "[PATCH 5/8] riscv: Implement sv48 support"
Previous message: Alexandre Ghiti: "[PATCH 4/8] riscv: Prepare ptdump for vm layout dynamic addresses"
Next in thread: Markus Elfring: "Re: [PATCH] workqueue: Fix double kfree(rescuer) in destroy_workqueue()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Zhang Qiang <qiang.zhang@xxxxxxxxxxxxx>

When destroy_workqueue if rescuer worker exist,wq->rescuer pointer be
kfree. if sanity checks passed. the func call_rcu(&wq->rcu, rcu_free_wq)
will be called if the wq->flags & WQ_UNBOUND is false,in rcu_free_wq
func wq->rescuer pointer was kfree again.

Signed-off-by: Zhang Qiang <qiang.zhang@xxxxxxxxxxxxx>
---
kernel/workqueue.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 891ccad5f271..a2451cdcd503 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -3491,7 +3491,6 @@ static void rcu_free_wq(struct rcu_head *rcu)
else
free_workqueue_attrs(wq->unbound_attrs);

- kfree(wq->rescuer);
kfree(wq);
}

--
2.17.0

Next message: Alexandre Ghiti: "[PATCH 5/8] riscv: Implement sv48 support"
Previous message: Alexandre Ghiti: "[PATCH 4/8] riscv: Prepare ptdump for vm layout dynamic addresses"
Next in thread: Markus Elfring: "Re: [PATCH] workqueue: Fix double kfree(rescuer) in destroy_workqueue()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]