Hello Yang,
On Fri, Feb 14, 2020 at 06:21:47PM +0800, Yang Yingliang wrote:
On 2020/2/10 20:32, Greg Kroah-Hartman wrote:
@@ -501,8 +509,7 @@ static struct parallel_data *padata_alloc_pd(struct padata_instance *pinst, timer_setup(&pd->timer, padata_reorder_timer, 0); atomic_set(&pd->seq_nr, -1); atomic_set(&pd->reorder_objects, 0);
- atomic_set(&pd->refcnt, 0);
- pd->pinst = pinst;
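Review bot: dropping `pd->pinst = pinst;` from padata_alloc_pd() leaves pd->pinst unset in the 4.19 tree, and padata_reorder() there still dereferences pd->pinst (the null-ptr-deref reported below), so the assignment has to stay in this backport unless the mainline commit that relocated it (bfde23ce200e, not in 4.19) is backported first. The removal of `atomic_set(&pd->refcnt, 0);` deserves the same check: it is only safe if no remaining code in 4.19 still reads pd->refcnt.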
This patch removes this assignment, which causes a null-ptr-deref when pd->pinst is used in padata_reorder().
Thanks for reporting. This change is based on an enhancement in mainline that moved this assignment but isn't in 4.19:
bfde23ce200e ("padata: unbind parallel jobs from specific CPUs")
A version of _this_ patch (i.e. remove broken queue flushing) has been posted for 4.14, 4.9, and 4.4, all of which would likely result in the same issue, so let's hold off on merging those until I can post fixed versions.
I'll start working on the 4.19 fix now.