Commit 7ea6bf2e authored by Ming Lei's avatar Ming Lei Committed by Jens Axboe
Browse files

percpu_ref: don't refer to ref->data if it isn't allocated 



We can't check ref->data->confirm_switch directly in __percpu_ref_exit(), since
ref->data may not be allocated in one not-initialized refcount.

Fixes: 2b0d3d3e ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
Reported-by: default avatar <syzbot+fd15ff734dace9e16437@syzkaller.appspotmail.com>
Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent f4ac712e

lib/percpu-refcount.c

+1 −1
Original line number Diff line number Diff line
@@ -109,7 +109,7 @@ static void __percpu_ref_exit(struct percpu_ref *ref) 


	if (percpu_count) {

		/* non-NULL confirm_switch indicates switching in progress */

		WARN_ON_ONCE(ref->data->confirm_switch);

		WARN_ON_ONCE(ref->data && ref->data->confirm_switch);

		free_percpu(percpu_count);

		ref->percpu_count_ptr = __PERCPU_REF_ATOMIC_DEAD;

	}