Am 22.05.24 um 20:33 schrieb T.J. Mercier:
On Wed, May 22, 2024 at 11:14 AM Fedor Pchelkin <pchelkin@xxxxxxxxx> wrote:kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code. Found by Linux Verification Center (linuxtesting.org). Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx>Reviewed-by: T.J. Mercier <tjmercier@xxxxxxxxxx>
Just FYI: I've picked this one up and pushed it to drm-misc-fixes. Regards, Christian.
--- v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@xxxxxxxxx/ drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop_put(t[i].task); + return ret; + } get_task_struct(t[i].task); } -- 2.39.2
