Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6326438rwb; Sun, 11 Dec 2022 23:42:45 -0800 (PST) X-Google-Smtp-Source: AA0mqf77R3hOQ75UO3uDbD3dWIuB2OhZC3K/7+qKsTBKgc7H46Vu3PpCJ/DEzbVIUqs6NPW1pyRQ X-Received: by 2002:a05:6a20:3b98:b0:ad:94d0:ac97 with SMTP id b24-20020a056a203b9800b000ad94d0ac97mr3079572pzh.48.1670830965178; Sun, 11 Dec 2022 23:42:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670830965; cv=none; d=google.com; s=arc-20160816; b=QYlm5pIusSNaT+Bf52XTQPKEh52urINvsxZC+fIaPxDocexQMIQ6xHleQn2Ud2VdJo JbjUAoKSA1uDfgb1TrZ0vVBReizinkBignh7ZCgF9gBFY+Fbnssy5Sn8cp3Wwq8YYNdo i19liGrPEIRZ8gDvL43HeKWblJfyC6mwi2MoPO4X81y/0nTQHUJY7A7GZqIzBROuf2Yp cquEv7TE9to87QLCH8YsRN5ibYpKs15MN0gshvGiB5VyQCW6gepDAH1LUgMVivNQoEBz 1+I9BvBZyZLIcDd0mRRN0S7M+kHQCb9wYcShX08sfbUyDY8sytUb5nYNijBUwcOzIKP4 rEQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=98dSCzjjeyt2RiBMKzyLEVGv9smR4thOQJ6eBPuKnH0=; b=g6bDd9F7MlKv38FRkKoHQOhdGjz24c4qpHcO9Wz5sbiiaX5uJAwd6OIuETeIxUENsh ZAJDSoDD56q1em6YuwLaabDw8DAEQOrAiJlRqKZyPXEvvgqLMdI2PIR5FnyhC6C2Mwa8 Rw5oFNa7zjmdRvcDWVt8UZi0xfy8JQFmXe4lrWYkOodSld8hUWGxoNFUIKB6vEg8yCtY gc783TxSX5ap/jPx76ndaEadlvOM1dQQ77k6W+phbzusQfCWnz0NsPQni/sJPU2rlhv3 YPRn0SweAVTONYZvQSMPDsWHzN8awPvypqLIC3xHyf7qKc5wZX5H2khIvcYz7kPSFmFg N7dA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=c5xxxFCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g20-20020a63fa54000000b0044601bb2f90si8341124pgk.530.2022.12.11.23.42.35; Sun, 11 Dec 2022 23:42:45 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=c5xxxFCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231359AbiLLGsl (ORCPT + 75 others); Mon, 12 Dec 2022 01:48:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43136 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231340AbiLLGsh (ORCPT ); Mon, 12 Dec 2022 01:48:37 -0500 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1F06F2DD for ; Sun, 11 Dec 2022 22:48:37 -0800 (PST) Received: by mail-pj1-x102c.google.com with SMTP id u5so10970340pjy.5 for ; Sun, 11 Dec 2022 22:48:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=98dSCzjjeyt2RiBMKzyLEVGv9smR4thOQJ6eBPuKnH0=; b=c5xxxFCe66C4WPZd/IpfOcWdr+rUwPOfif0fBX0U2xNDi4GDZrXVDTgZybOp7DOTSG 3BIlSleg+ygfMkpDTdeo3t2nKKo1SospL5cXDpv9nyTvekAumiPe7CqxOT2KhPj2k81j 6KIsMs2cRe5JUgjBK2GEQw2oSji6ObY+hQf/mORKZ5+vsmogy45Ie3qpaw2N4j6guNDV t1MRFR6RAMezTGWViDBjfDEdtC7u4zLMIAxD+gH3atnOYDxF/4bzOM9GL7fjWZPmTLKC k78ma1I2RdcbvanmXN5ZP10fJfnDFeK/Gtzm9UtN0ZAPXYMfSawUhGjUpsm5hsFIWe4A G4wA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=98dSCzjjeyt2RiBMKzyLEVGv9smR4thOQJ6eBPuKnH0=; b=QHDDlsPVX2xNTVaoxiqawRD7Efl3fHLCMkED5uTzOq9dRGq6vgf29M/QgbBKBZuH/l JysdbUmNTnR0a5rGzOq8BxkIs+JBdbztklS0a7YwzIK/Xk3pozTf4vIhp6EREXnc94Bx pmocM2VMg7ZNpr3E5wa4DtC1PM3qaXOLQs+v2cav14jY5SIbyBfPpJBvcPIHmwS/IYvO 64UHV1FqAMn3C+kfomVlDweRbNmguHZn7mifk+N3dPqM1VY+l75dxxiH2K1iEp8JJxUp 3ZhlIIba6hxHLRtGdBMMhKS1Z0hEL7rTA1BtSKsKWEs/S1ZyMorBIML4/fqFwhJ6D9cI vHjA== X-Gm-Message-State: ANoB5plOwAwxbA4EbQe1qEyjah/DrIvH/Gl+f2bK90I6ssfvu8+zXN0H TuWsGbH/1vjk8P+2PQpndT3MuUK2d0ZyItLZ8PA= X-Received: by 2002:a17:90a:e542:b0:219:9bdc:b0f with SMTP id ei2-20020a17090ae54200b002199bdc0b0fmr28211115pjb.220.1670827716628; Sun, 11 Dec 2022 22:48:36 -0800 (PST) MIME-Version: 1.0 References: <20221212061836.3620-1-richard.xnu.clark@gmail.com> In-Reply-To: From: Lai Jiangshan Date: Mon, 12 Dec 2022 14:48:25 +0800 Message-ID: Subject: Re: [PATCH] workqueue: Prevent a new work item from queueing into a destruction wq To: Tejun Heo Cc: Richard Clark , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 12, 2022 at 2:23 PM Tejun Heo wrote: > > On Mon, Dec 12, 2022 at 02:18:36PM +0800, Richard Clark wrote: > > Currently the __WQ_DRAINING is used to prevent a new work item from queueing > > to a draining workqueue, but this flag will be cleared before the end of a > > RCU grace period. Because the workqueue instance is actually freed after > > the RCU grace period, this fact results in an opening window in which a new > > work item can be queued into a destorying workqueue and be scheduled > > consequently, for instance, the below code snippet demos this accident: > > I mean, this is just use-after-free. The same scenario can happen with > non-RCU frees or if there happens to be an RCU grace period inbetween. I'm > not sure what's being protected here. I think it is a kind of debugging facility with no overhead in the fast path. It is indeed the caller's responsibility not to do use-after-free. For non-RCU free, the freed workqueue's state can be arbitrary soon and the caller might get a complaint. And if there are some kinds of debugging facilities for freed memory, the system can notice the problem earlier. But now is RCU free for the workqueue, and the workqueue has nothing different between before and after destroy_workqueue() unless the grace period ends and the memory-allocation subsystem takes charge of the memory. Thanks Lai