| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 24 May 2020 17:22:43 +0800 From: <qiang.zhang@...driver.com> To: <tj@...nel.org> CC: <jiangshanlai@...il.com>, <linux-kernel@...r.kernel.org> Subject: [PATCH] workqueue: Fix double kfree(rescuer) in destroy_workqueue() From: Zhang Qiang <qiang.zhang@...driver.com> When destroy_workqueue if rescuer worker exist,wq->rescuer pointer be kfree. if sanity checks passed. the func call_rcu(&wq->rcu, rcu_free_wq) will be called if the wq->flags & WQ_UNBOUND is false,in rcu_free_wq func wq->rescuer pointer was kfree again. Signed-off-by: Zhang Qiang <qiang.zhang@...driver.com> --- kernel/workqueue.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 891ccad5f271..a2451cdcd503 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -3491,7 +3491,6 @@ static void rcu_free_wq(struct rcu_head *rcu) else free_workqueue_attrs(wq->unbound_attrs); - kfree(wq->rescuer); kfree(wq); } -- 2.17.0
Powered by blists - more mailing lists