mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-16 18:26:42 +00:00
workqueue: Fixes for v6.11-rc7
Contains the fix for a NULL worker->pool deref bug which can be triggered when a worker is created and then destroyed immediately. -----BEGIN PGP SIGNATURE----- iIQEABYKACwWIQTfIjM1kS57o3GsC/uxYfJx3gVYGQUCZuM5ew4cdGpAa2VybmVs Lm9yZwAKCRCxYfJx3gVYGU5RAQCJ13myAx5ZhznE2fkCv8IrMP1y8BhO5eoPI6+o 0QPgWgD/TMu7hMMZkz0vVHn0euNpwTWB0lOsz1299ukC1wO/tAw= =nJ2F -----END PGP SIGNATURE----- Merge tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue fix from Tejun Heo: "A fix for a NULL worker->pool deref bug which can be triggered when a worker is created and then destroyed immediately" * tag 'wq-for-6.11-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: Clear worker->pool in the worker thread context
This commit is contained in:
commit
5da028864f
@ -2709,7 +2709,6 @@ static void detach_worker(struct worker *worker)
|
||||
|
||||
unbind_worker(worker);
|
||||
list_del(&worker->node);
|
||||
worker->pool = NULL;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2729,6 +2728,7 @@ static void worker_detach_from_pool(struct worker *worker)
|
||||
|
||||
mutex_lock(&wq_pool_attach_mutex);
|
||||
detach_worker(worker);
|
||||
worker->pool = NULL;
|
||||
mutex_unlock(&wq_pool_attach_mutex);
|
||||
|
||||
/* clear leftover flags without pool->lock after it is detached */
|
||||
@ -3349,7 +3349,11 @@ woke_up:
|
||||
if (unlikely(worker->flags & WORKER_DIE)) {
|
||||
raw_spin_unlock_irq(&pool->lock);
|
||||
set_pf_worker(false);
|
||||
|
||||
/*
|
||||
* The worker is dead and PF_WQ_WORKER is cleared, worker->pool
|
||||
* shouldn't be accessed, reset it to NULL in case otherwise.
|
||||
*/
|
||||
worker->pool = NULL;
|
||||
ida_free(&pool->worker_ida, worker->id);
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user