lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Sun, 24 May 2020 17:22:43 +0800
From:   <qiang.zhang@...driver.com>
To:     <tj@...nel.org>
CC:     <jiangshanlai@...il.com>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] workqueue: Fix double kfree(rescuer) in destroy_workqueue()

From: Zhang Qiang <qiang.zhang@...driver.com>

When destroy_workqueue if rescuer worker exist,wq->rescuer pointer be
kfree. if sanity checks passed. the func call_rcu(&wq->rcu, rcu_free_wq)
will be called if the wq->flags & WQ_UNBOUND is false,in rcu_free_wq
func wq->rescuer pointer was kfree again.

Signed-off-by: Zhang Qiang <qiang.zhang@...driver.com>
---
 kernel/workqueue.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 891ccad5f271..a2451cdcd503 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -3491,7 +3491,6 @@ static void rcu_free_wq(struct rcu_head *rcu)
 	else
 		free_workqueue_attrs(wq->unbound_attrs);
 
-	kfree(wq->rescuer);
 	kfree(wq);
 }
 
-- 
2.17.0

Powered by blists - more mailing lists