kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable@vger.kernel.org Signed-off-by: Fedor Pchelkin pchelkin@ispras.ru --- v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@ispras.ru/
drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop_put(t[i].task); + return ret; + } get_task_struct(t[i].task); }
On Wed, May 22, 2024 at 11:14 AM Fedor Pchelkin pchelkin@ispras.ru wrote:
kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable@vger.kernel.org Signed-off-by: Fedor Pchelkin pchelkin@ispras.ru
Reviewed-by: T.J. Mercier tjmercier@google.com
v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@ispras.ru/
drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i);
if (IS_ERR(t[i].task)) {
ret = PTR_ERR(t[i].task);
while (--i >= 0)
kthread_stop_put(t[i].task);
return ret;
} get_task_struct(t[i].task); }
-- 2.39.2
Am 22.05.24 um 20:33 schrieb T.J. Mercier:
On Wed, May 22, 2024 at 11:14 AM Fedor Pchelkin pchelkin@ispras.ru wrote:
kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable@vger.kernel.org Signed-off-by: Fedor Pchelkin pchelkin@ispras.ru
Reviewed-by: T.J. Mercier tjmercier@google.com
Just FYI: I've picked this one up and pushed it to drm-misc-fixes.
Regards, Christian.
v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@ispras.ru/
drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i);
if (IS_ERR(t[i].task)) {
ret = PTR_ERR(t[i].task);
while (--i >= 0)
kthread_stop_put(t[i].task);
return ret;
} get_task_struct(t[i].task); }
-- 2.39.2
linux-stable-mirror@lists.linaro.org