io_uring/io-wq: free worker if task_work creation is canceled
authorJens Axboe <axboe@kernel.dk>
Mon, 2 Jan 2023 23:49:46 +0000 (16:49 -0700)
committerJens Axboe <axboe@kernel.dk>
Mon, 2 Jan 2023 23:49:46 +0000 (16:49 -0700)
If we cancel the task_work, the worker will never come into existance.
As this is the last reference to it, ensure that we get it freed
appropriately.

Cc: stable@vger.kernel.org
Reported-by: 진호 <wnwlsgh98@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
io_uring/io-wq.c

index 6f1d0e5df23ad815479904639282bf7a8b4b3b33..992dcd9f8c4cf31a5579a651b8b044c1ea4bfac4 100644 (file)
@@ -1230,6 +1230,7 @@ static void io_wq_cancel_tw_create(struct io_wq *wq)
 
                worker = container_of(cb, struct io_worker, create_work);
                io_worker_cancel_cb(worker);
+               kfree(worker);
        }
 }