diff options
| author | Greg Kroah-Hartman <gregkh@google.com> | 2021-08-04 12:50:19 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@google.com> | 2021-08-04 12:50:19 +0200 |
| commit | 449846c3e01f672fdb33412056058564d2cfaf21 (patch) | |
| tree | 6c641c51ec696449cbd6d881c7aa30ae9af431fd /kernel | |
| parent | 137e37851b23293102f8c090dffb4488a4170c4a (diff) | |
| parent | 372cffad865ffc79132d858ab0526dd51f97b0c8 (diff) | |
Merge 4.4.278 into android-4.4-p
Changes in 4.4.278
net: split out functions related to registering inflight socket files
af_unix: fix garbage collect vs MSG_PEEK
workqueue: fix UAF in pwq_unbound_release_workfn()
net/802/mrp: fix memleak in mrp_request_join()
net/802/garp: fix memleak in garp_request_join()
sctp: move 198 addresses from unusable to private scope
hfs: add missing clean-up in hfs_fill_super
hfs: fix high memory mapping in hfs_bnode_read
hfs: add lock nesting notation to hfs_find_init
ARM: dts: versatile: Fix up interrupt controller node names
lib/string.c: add multibyte memset functions
ARM: ensure the signal page contains defined contents
ocfs2: fix zero out valid data
ocfs2: issue zeroout to EOF blocks
can: usb_8dev: fix memory leak
can: ems_usb: fix memory leak
can: esd_usb2: fix memory leak
NIU: fix incorrect error return, missed in previous revert
x86/asm: Ensure asm/proto.h can be included stand-alone
cfg80211: Fix possible memory leak in function cfg80211_bss_update
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
tipc: fix sleeping in tipc accept routine
mlx4: Fix missing error code in mlx4_load_one()
net: llc: fix skb_over_panic
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
sis900: Fix missing pci_disable_device() in probe and remove
Linux 4.4.278
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I51e4e7e9cc9db03de57626e25e3785c400ced81f
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/workqueue.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/kernel/workqueue.c b/kernel/workqueue.c index a2de597604e6..b7eed05ea987 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -3309,15 +3309,21 @@ static void pwq_unbound_release_workfn(struct work_struct *work) unbound_release_work); struct workqueue_struct *wq = pwq->wq; struct worker_pool *pool = pwq->pool; - bool is_last; + bool is_last = false; - if (WARN_ON_ONCE(!(wq->flags & WQ_UNBOUND))) - return; + /* + * when @pwq is not linked, it doesn't hold any reference to the + * @wq, and @wq is invalid to access. + */ + if (!list_empty(&pwq->pwqs_node)) { + if (WARN_ON_ONCE(!(wq->flags & WQ_UNBOUND))) + return; - mutex_lock(&wq->mutex); - list_del_rcu(&pwq->pwqs_node); - is_last = list_empty(&wq->pwqs); - mutex_unlock(&wq->mutex); + mutex_lock(&wq->mutex); + list_del_rcu(&pwq->pwqs_node); + is_last = list_empty(&wq->pwqs); + mutex_unlock(&wq->mutex); + } mutex_lock(&wq_pool_mutex); put_unbound_pool(pool); |