summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMing Lei <ming.lei@redhat.com>2020-10-09 12:03:56 +0800
committerJens Axboe <axboe@kernel.dk>2020-10-09 12:32:06 -0600
commit7ea6bf2e6c409e245a31b9ac6a4ba24949ad442f (patch)
tree709047965688b8a10260522de051e5fe23afbbb9
parentf4ac712e4fe009635344b9af5d890fe25fcc8c0d (diff)
percpu_ref: don't refer to ref->data if it isn't allocated
We can't check ref->data->confirm_switch directly in __percpu_ref_exit(), since ref->data may not be allocated in one not-initialized refcount. Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path") Reported-by: syzbot+fd15ff734dace9e16437@syzkaller.appspotmail.com Signed-off-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
-rw-r--r--lib/percpu-refcount.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c
index b6350d13538a..e59eda07305e 100644
--- a/lib/percpu-refcount.c
+++ b/lib/percpu-refcount.c
@@ -109,7 +109,7 @@ static void __percpu_ref_exit(struct percpu_ref *ref)
if (percpu_count) {
/* non-NULL confirm_switch indicates switching in progress */
- WARN_ON_ONCE(ref->data->confirm_switch);
+ WARN_ON_ONCE(ref->data && ref->data->confirm_switch);
free_percpu(percpu_count);
ref->percpu_count_ptr = __PERCPU_REF_ATOMIC_DEAD;
}