Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6434940rwb; Mon, 12 Dec 2022 01:38:35 -0800 (PST) X-Google-Smtp-Source: AA0mqf7ZJoHrvGnrDtz+nTwOu9+zIbj/tSYFgfpmyeyw0vri1lHsdcM/Q7sEEzgvSzCsmcZOoqRQ X-Received: by 2002:a17:902:b591:b0:189:8065:fe87 with SMTP id a17-20020a170902b59100b001898065fe87mr15443500pls.46.1670837915328; Mon, 12 Dec 2022 01:38:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670837915; cv=none; d=google.com; s=arc-20160816; b=aihcdfXb0fspHcwYhq8EcJGjeYFYI73vjzAjGmm0XFqlewdXFoRDs1dbMcgB2d4UPN orHa9Axww/oGEkwlpTujiLT8GeE8xuiEFea9Ls+hhiq9wsficWP+biJ26/dGg4xO+1a4 C7u7FtuMXOC26tIYcvIj8EhFxL12Fb18FxziK3knm7WKUsukml3VcOTzgemDq6OMf21B NSyDl9XqC/zwS6N4bkk/mTKjgC6g5A0Y8YRCCbpzrcMNxeqT6Ag5OQ6fDrnU9YK1nzVa 9nVjnkOoPq4/dSYmN3b5Y3GUWVj56EMO8n0nKuAtMPS9plHBlcWsyeP+jOs7WSd3mhpf 7u9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=n14Qp7bvZz4xqyR48Rh0IbAbnDSJAzA4A7nydUQ+ajg=; b=D599bFZRw/5CcmiXAwRU5XrThAXZWyUsL4LEh8KE26YZZPC16A+WEF1fIibXRRj4V9 hd1niqSSvIWMNa4i4cnRu/Vhw/KoeyHq+JeWkgg3bJhBb1NlqR4XnOUQm4HVRpmAyF5+ HJPL78kMB/MVjxPBXabnOGZN1+zOvYsSYxbMxlhT2UHJTIhbS2Q8ExjF06rRagriOP1L jOEeB3fragcHi25rGcPzNkm/Gj0Xi/u1bWJlakDTOb3QLvQf/S5Hsfhj40D/wuF8PtG8 pmFSPE9YWZIHVzsdU1YsR5cHKFw8UoXznhkxElgebmtSVmuO3yxv9QZ/jjyUTvxVHcaN wvFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Z950nXBB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id im22-20020a170902bb1600b00186ba56bda8si8548970plb.61.2022.12.12.01.38.26; Mon, 12 Dec 2022 01:38:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=Z950nXBB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231516AbiLLJ1b (ORCPT + 75 others); Mon, 12 Dec 2022 04:27:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231376AbiLLJ1L (ORCPT ); Mon, 12 Dec 2022 04:27:11 -0500 Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5907D111F for ; Mon, 12 Dec 2022 01:27:10 -0800 (PST) Received: by mail-wr1-x430.google.com with SMTP id f18so11397027wrj.5 for ; Mon, 12 Dec 2022 01:27:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n14Qp7bvZz4xqyR48Rh0IbAbnDSJAzA4A7nydUQ+ajg=; b=Z950nXBBkoH+Pf5+RcXPRfyTg9W7VPejvg0QaFLA3zpPx4767eSRVXW+GAM7vxw3cl LZKmtENuwEjZimXtE6Wor+k6iTCytH/sJObsD32xm/+YBOT77KB06vunlRY58OwANC1Y 2tJn7Z31qFqqUCvtys73ZVKP8zgTxV6buC/1zq+MB9L8+hZ7mqo12/jYXvSnVgHtTCtI +xJpFEePXQGVSQq8plaIk5TJhU1UatdEYQLeZQa2AmITTCjIikDJoVQy48X6l+DfyBf8 mvIf1TXbqDArbAE1Q8XBAzsICso1BDvyGT5o2+wGZw69r94gkjfRgHMUoaIvWhJAQWyt NrNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n14Qp7bvZz4xqyR48Rh0IbAbnDSJAzA4A7nydUQ+ajg=; b=beESFhmmsue7c7wVVZFNI8dxDb6Y25ewf/VJlzpfLoqRHhVUqmDBVoDVNCJZz7YbZb 9TwqOVE52R91S6n5fMxlV27Y85fIT3rtANxalQNd5SacjwRFRYLdVsKENJL0DcuYYY53 z0e98kyk3/fsD/SdIoiNO31EvoeI3MiT4AWwbvz0u8g0KvN66li1p47ykRecn5NzNR8R yh6GutGvgPC4or9M4ko98KTDl+lii30ptRS6j5RsNvg0Nb/kmNFPH3cjjDOA/Lb9rTQm fCEH+zaZJxY5E38SR3tvQNOlJYIxYVdBMT/ATr/Yqi8NAoL7hJAKkX8OL28o5ZdGSu2k Em6Q== X-Gm-Message-State: ANoB5pkzs6d7x6XPTqrDTSATkEEKpmAE0LT99jtyNwnXApXMEsuRvNpN O+Zbsu7uK4l4XeY7BHhOpxBO1oMIMqynWUZ/eKijbLiWY+g= X-Received: by 2002:adf:ebc7:0:b0:242:359d:ea96 with SMTP id v7-20020adfebc7000000b00242359dea96mr19934622wrn.35.1670837228828; Mon, 12 Dec 2022 01:27:08 -0800 (PST) MIME-Version: 1.0 References: <20221212061836.3620-1-richard.xnu.clark@gmail.com> In-Reply-To: From: richard clark Date: Mon, 12 Dec 2022 17:26:57 +0800 Message-ID: Subject: Re: [PATCH] workqueue: Prevent a new work item from queueing into a destruction wq To: Lai Jiangshan Cc: Tejun Heo , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 12, 2022 at 2:48 PM Lai Jiangshan wrote: > > On Mon, Dec 12, 2022 at 2:23 PM Tejun Heo wrote: > > > > On Mon, Dec 12, 2022 at 02:18:36PM +0800, Richard Clark wrote: > > > Currently the __WQ_DRAINING is used to prevent a new work item from queueing > > > to a draining workqueue, but this flag will be cleared before the end of a > > > RCU grace period. Because the workqueue instance is actually freed after > > > the RCU grace period, this fact results in an opening window in which a new > > > work item can be queued into a destorying workqueue and be scheduled > > > consequently, for instance, the below code snippet demos this accident: > > > > I mean, this is just use-after-free. The same scenario can happen with > > non-RCU frees or if there happens to be an RCU grace period inbetween. I'm > > not sure what's being protected here. > > I think it is a kind of debugging facility with no overhead in the > fast path. Agree... > > It is indeed the caller's responsibility not to do use-after-free. > > For non-RCU free, the freed workqueue's state can be arbitrary soon and > the caller might get a complaint. And if there are some kinds of debugging > facilities for freed memory, the system can notice the problem earlier. This case will trigger a noticeable kernel BUG > > But now is RCU free for the workqueue, and the workqueue has nothing > different between before and after destroy_workqueue() unless the > grace period ends and the memory-allocation subsystem takes charge of > the memory. > destroy_workqueue(wq0); schedule_timeout_interruptible(msecs_to_jiffies(1000)); queue_work_on(1, wq0, &w0); Sleep 1s to guarantee the RCU grace period completes, then the same result with non-RCU free Thanks > > > Thanks > Lai