kthread() could bail out early before we initialize blkcg_css (if the
kthread is killed very soon), which confuses free_kthread_struct. Move
the blkcg_css initialization early.

Reported-by: syzbot <syzkal...@googlegroups.com>
Fixes: 05e3db9 ("kthread: add a mechanism to store cgroup info")
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: Ingo Molnar <mi...@kernel.org>
Cc: Tejun Heo <t...@kernel.org>
Signed-off-by: Shaohua Li <s...@fb.com>
---
 kernel/kthread.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/kernel/kthread.c b/kernel/kthread.c
index f87cd8b4..cf5c113 100644
--- a/kernel/kthread.c
+++ b/kernel/kthread.c
@@ -205,6 +205,10 @@ static int kthread(void *_create)
        int ret;
 
        self = kmalloc(sizeof(*self), GFP_KERNEL);
+#ifdef CONFIG_BLK_CGROUP
+       if (self)
+               self->blkcg_css = NULL;
+#endif
        set_kthread_struct(self);
 
        /* If user was SIGKILLed, I release the structure. */
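Review bot: the new `#ifdef CONFIG_BLK_CGROUP` block needs its own `if (self)` guard because it runs before the existing NULL check below, which duplicates that check and leaves the struct's other fields uninitialized between `kmalloc()` and the later assignments. Allocating with `kzalloc(sizeof(*self), GFP_KERNEL)` instead would zero `blkcg_css` (and every other field) before `set_kthread_struct(self)` publishes the pointer, remove the `#ifdef` entirely, and make the fix robust against any other field that `free_kthread_struct()` might inspect on the early-exit path; if the `#ifdef` form is kept, a one-line comment stating that `blkcg_css` must be valid before `set_kthread_struct()` because the SIGKILL path frees the struct would explain the ordering to future readers.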
@@ -224,9 +228,6 @@ static int kthread(void *_create)
        self->data = data;
        init_completion(&self->exited);
        init_completion(&self->parked);
-#ifdef CONFIG_BLK_CGROUP
-       self->blkcg_css = NULL;
-#endif
        current->vfork_done = &self->exited;
 
        /* OK, tell user we're spawned, wait for stop or wakeup */
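Review bot: removing this block is correct given the early initialization above, but it also removes the only place where the ordering constraint was visible: `self->data`, `exited` and `parked` are still assigned only after the SIGKILL bailout, so a reader has to know that `free_kthread_struct()` touches `blkcg_css` and nothing else. A short comment next to the remaining initialization (or the switch to `kzalloc()`) would document why `blkcg_css` is treated differently from the neighbouring fields.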
-- 
2.9.5
