kthread creation may possibly fail inside race_signal_callback(). In
such a case stop the already started threads, put the already taken
references to them and return with error code.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence")
Cc: [email protected]
Signed-off-by: Fedor Pchelkin <[email protected]>
---
v2: use kthread_stop_put() to actually put the last reference as
T.J. Mercier noticed;
link to v1: https://lore.kernel.org/lkml/[email protected]/
drivers/dma-buf/st-dma-fence.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c
index b7c6f7ea9e0c..6a1bfcd0cc21 100644
--- a/drivers/dma-buf/st-dma-fence.c
+++ b/drivers/dma-buf/st-dma-fence.c
@@ -540,6 +540,12 @@ static int race_signal_callback(void *arg)
t[i].before = pass;
t[i].task = kthread_run(thread_signal_callback, &t[i],
"dma-fence:%d", i);
+ if (IS_ERR(t[i].task)) {
+ ret = PTR_ERR(t[i].task);
+ while (--i >= 0)
+ kthread_stop_put(t[i].task);
+ return ret;
+ }
get_task_struct(t[i].task);
}
--
2.39.2
On Wed, May 22, 2024 at 11:14 AM Fedor Pchelkin <[email protected]> wrote:
>
> kthread creation may possibly fail inside race_signal_callback(). In
> such a case stop the already started threads, put the already taken
> references to them and return with error code.
>
> Found by Linux Verification Center (linuxtesting.org).
>
> Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence")
> Cc: [email protected]
> Signed-off-by: Fedor Pchelkin <[email protected]>
Reviewed-by: T.J. Mercier <[email protected]>
> ---
> v2: use kthread_stop_put() to actually put the last reference as
> T.J. Mercier noticed;
> link to v1: https://lore.kernel.org/lkml/[email protected]/
>
> drivers/dma-buf/st-dma-fence.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c
> index b7c6f7ea9e0c..6a1bfcd0cc21 100644
> --- a/drivers/dma-buf/st-dma-fence.c
> +++ b/drivers/dma-buf/st-dma-fence.c
> @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg)
> t[i].before = pass;
> t[i].task = kthread_run(thread_signal_callback, &t[i],
> "dma-fence:%d", i);
> + if (IS_ERR(t[i].task)) {
> + ret = PTR_ERR(t[i].task);
> + while (--i >= 0)
> + kthread_stop_put(t[i].task);
> + return ret;
> + }
> get_task_struct(t[i].task);
> }
>
> --
> 2.39.2
>
Am 22.05.24 um 20:33 schrieb T.J. Mercier:
> On Wed, May 22, 2024 at 11:14 AM Fedor Pchelkin <[email protected]> wrote:
>> kthread creation may possibly fail inside race_signal_callback(). In
>> such a case stop the already started threads, put the already taken
>> references to them and return with error code.
>>
>> Found by Linux Verification Center (linuxtesting.org).
>>
>> Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence")
>> Cc: [email protected]
>> Signed-off-by: Fedor Pchelkin <[email protected]>
> Reviewed-by: T.J. Mercier <[email protected]>
Just FYI: I've picked this one up and pushed it to drm-misc-fixes.
Regards,
Christian.
>> ---
>> v2: use kthread_stop_put() to actually put the last reference as
>> T.J. Mercier noticed;
>> link to v1: https://lore.kernel.org/lkml/[email protected]/
>>
>> drivers/dma-buf/st-dma-fence.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c
>> index b7c6f7ea9e0c..6a1bfcd0cc21 100644
>> --- a/drivers/dma-buf/st-dma-fence.c
>> +++ b/drivers/dma-buf/st-dma-fence.c
>> @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg)
>> t[i].before = pass;
>> t[i].task = kthread_run(thread_signal_callback, &t[i],
>> "dma-fence:%d", i);
>> + if (IS_ERR(t[i].task)) {
>> + ret = PTR_ERR(t[i].task);
>> + while (--i >= 0)
>> + kthread_stop_put(t[i].task);
>> + return ret;
>> + }
>> get_task_struct(t[i].task);
>> }
>>
>> --
>> 2.39.2
>>