workqueue: Fix an use after free in init_rescuer()
We need to preserve error code before freeing "rescuer".
Fixes: f187b6974f
("workqueue: Use IS_ERR and PTR_ERR instead of PTR_ERR_OR_ZERO.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
@@ -4197,6 +4197,7 @@ static int wq_clamp_max_active(int max_active, unsigned int flags,
|
|||||||
static int init_rescuer(struct workqueue_struct *wq)
|
static int init_rescuer(struct workqueue_struct *wq)
|
||||||
{
|
{
|
||||||
struct worker *rescuer;
|
struct worker *rescuer;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (!(wq->flags & WQ_MEM_RECLAIM))
|
if (!(wq->flags & WQ_MEM_RECLAIM))
|
||||||
return 0;
|
return 0;
|
||||||
@@ -4208,8 +4209,9 @@ static int init_rescuer(struct workqueue_struct *wq)
|
|||||||
rescuer->rescue_wq = wq;
|
rescuer->rescue_wq = wq;
|
||||||
rescuer->task = kthread_create(rescuer_thread, rescuer, "%s", wq->name);
|
rescuer->task = kthread_create(rescuer_thread, rescuer, "%s", wq->name);
|
||||||
if (IS_ERR(rescuer->task)) {
|
if (IS_ERR(rescuer->task)) {
|
||||||
|
ret = PTR_ERR(rescuer->task);
|
||||||
kfree(rescuer);
|
kfree(rescuer);
|
||||||
return PTR_ERR(rescuer->task);
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
wq->rescuer = rescuer;
|
wq->rescuer = rescuer;
|
||||||
|
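Review bot: The error branch after `kthread_create()` in the second hunk carries no comment saying why `PTR_ERR(rescuer->task)` has to be evaluated before `kfree(rescuer)`, and that ordering is the whole fix: `rescuer->task` is a field of the object being freed, so the old `return PTR_ERR(rescuer->task);` read freed memory and handed whatever it found back as init_rescuer()'s return code. I would add `/* rescuer->task lives in rescuer: read the error before kfree() */` above `ret = PTR_ERR(rescuer->task);` so a later cleanup does not fold the two statements back together. As a point of style, `ret` is used only inside that branch in the visible lines and could be declared there (`int ret = PTR_ERR(rescuer->task);`) instead of uninitialised at function scope in the first hunk. The allocation of `rescuer` and the rest of the function lie between and after the hunks and are not visible here.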