kthread() could bail out early before we initialize blkcg_css (if the
kthread is killed very soon), which confuses free_kthread_struct. Move
the blkcg_css initialization early.
Reported-by: syzbot <[email protected]>
Fix: 05e3db9(kthread: add a mechanism to store cgroup info)
Cc: Andrew Morton <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Tejun Heo <[email protected]>
Signed-off-by: Shaohua Li <[email protected]>
---
kernel/kthread.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/kthread.c b/kernel/kthread.c
index f87cd8b4..cf5c113 100644
--- a/kernel/kthread.c
+++ b/kernel/kthread.c
@@ -205,6 +205,10 @@ static int kthread(void *_create)
int ret;
self = kmalloc(sizeof(*self), GFP_KERNEL);
+#ifdef CONFIG_BLK_CGROUP
+ if (self)
+ self->blkcg_css = NULL;
+#endif
set_kthread_struct(self);
/* If user was SIGKILLed, I release the structure. */
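Review bot: the early initialization after the kmalloc() covers only blkcg_css, and it needs both an #ifdef and an `if (self)` guard to do so. Every other field of *self is still uninitialized when set_kthread_struct(self) publishes the pointer, so any field that free_kthread_struct later comes to read would reintroduce the same bug. Allocating with kzalloc(sizeof(*self), GFP_KERNEL) would zero the whole structure, leave blkcg_css NULL without the conditional block, and make the explicit assignment unnecessary.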
@@ -224,9 +228,6 @@ static int kthread(void *_create)
self->data = data;
init_completion(&self->exited);
init_completion(&self->parked);
-#ifdef CONFIG_BLK_CGROUP
- self->blkcg_css = NULL;
-#endif
current->vfork_done = &self->exited;
/* OK, tell user we're spawned, wait for stop or wakeup */
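Review bot: with the blkcg_css assignment removed here, self->data and the exited and parked completions are still set only at this point, after the early bail-out the commit message describes, so on that path they stay uninitialized in a structure already handed to set_kthread_struct(). Either state in the commit message that free_kthread_struct reads nothing but blkcg_css, or move these initializations up alongside it.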
--
2.9.5