From: Gou Hao gouhao@uniontech.com
uniontech inclusion category: bugfix bugzilla: NA CVE: NA
-------------------
After alloc the sbi->persisters memory, dep_init will call dep_fini when error happened.Because sbi->persisters is not set to 0, -> dep_fini() can be called with sbi->persisters[] uninitialized, thus kthread_stop() can be called with random value.
Signed-off-by: Gou Hao gouhao@uniontech.com Reviewed-by: Yu Kuai yukuai3@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- fs/eulerfs/dep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/eulerfs/dep.c b/fs/eulerfs/dep.c index ec014bbf3700..a41471c5f2ec 100644 --- a/fs/eulerfs/dep.c +++ b/fs/eulerfs/dep.c @@ -718,7 +718,7 @@ int dep_init(struct super_block *sb) for_each_possible_cpu(cpu) init_llist_head(per_cpu_ptr(sbi->persistee_list, cpu));
- sbi->persisters = kmalloc(sizeof(struct task_struct *) * + sbi->persisters = kzalloc(sizeof(struct task_struct *) * persisters_per_socket * num_sockets, GFP_KERNEL); if (!sbi->persisters) {