Commit d7ad05c8 authored by Levi Yun, committed by Thomas Gleixner

timers/migration: Prevent out of bounds access on failure

When tmigr_setup_groups() fails the level 0 group allocation, then the
cleanup dereferences index -1 of the local stack array.

Prevent this by checking the loop condition first.

Fixes: 7ee98877 ("timers: Implement the hierarchical pull model")
Signed-off-by: Levi Yun <ppbuk5246@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Anna-Maria Behnsen <anna-maria@linutronix.de>
Link: https://lore.kernel.org/r/20240506041059.86877-1-ppbuk5246@gmail.com
parent dd5a440a
...@@ -1596,7 +1596,7 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node) ...@@ -1596,7 +1596,7 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
} while (i < tmigr_hierarchy_levels); } while (i < tmigr_hierarchy_levels);
do { while (i > 0) {
group = stack[--i]; group = stack[--i];
if (err < 0) { if (err < 0) {
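Review bot: A one-line comment is missing above the new `while (i > 0) {` explaining that i is 0 here when the level 0 allocation failed. `group = stack[--i];` pre-decrements before indexing, so the guard on the line above is the only thing keeping the index non-negative, and without a comment a later cleanup could turn the loop back into a do/while and reintroduce the index -1 access described in the commit message.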
...@@ -1645,7 +1645,7 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node) ...@@ -1645,7 +1645,7 @@ static int tmigr_setup_groups(unsigned int cpu, unsigned int node)
tmigr_connect_child_parent(child, group); tmigr_connect_child_parent(child, group);
} }
} }
} while (i > 0); }
kfree(stack); kfree(stack);
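Review bot: Confirm that err is still returned when the loop is skipped entirely. With the closing `}` replacing `} while (i > 0);`, a failed level 0 allocation now goes straight to `kfree(stack);`, and the return that follows is not among the lines shown. It is also worth checking that nothing after the loop assumes `group` was assigned by at least one iteration.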