Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7586549rwb; Mon, 12 Dec 2022 17:18:23 -0800 (PST) X-Google-Smtp-Source: AA0mqf65+f3NW9ArshrOhfDdi7SeMV8IdwiaQfITuYUSXhkP58NrbOdzyT8V9v5IRWEhn8cz8Nvt X-Received: by 2002:a17:903:2449:b0:190:c219:ae1e with SMTP id l9-20020a170903244900b00190c219ae1emr1391831pls.31.1670894303746; Mon, 12 Dec 2022 17:18:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670894303; cv=none; d=google.com; s=arc-20160816; b=JQgpr5Pwp3fd3aSNtB18ximYr98O3/ONXfsGEcFFuQWYDpcpeRXLwophuh3bZLM0qg oR/jjqKoNKOTXIErCx0+hcWOuFbxXRPw3O8XXGiJIx1F3Pa5/wuJjqpAybD9u71pPAew Zy/laD9MPOREo8YiF7jRxdycrjzQqNAik5S3KltRbsx4Hx7ijgOaDdVabtOjEIolFqdI yO/1tAsoFrp6NzhndGAT8Ref88AH9L00S/sZ/M7cQPxe3BmG+pyCDRy54Y39jd3pO63u 5G/kHRsm0TPF4et4RT4w3z/FG+PNyCu59chw4tqbL8wmJW7/W5HHHVGqvGamMP8JcuXy GpCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=FMF1WryJYAL52DrPmPV1bTKAGt8XywNx2Fj7RGuPtjc=; b=EUf45P70T9CcQIv1SvFr9fYB4L0UGiCfS6Vm+t3VrDpILO08jm6obFSAiczyucG2+W VZPnd0/yvYroMjTZ12S/oh1hjHwAJlLrZuIF7zZ8tN7HdtKJNJLQexuuy39Nimvjufwa JKQFmyKA/GbS6NWO5LFhaeN1DfKvscs303fMDkSEaRHJfeZXARMpQ10K2PYIADxm7v4i EbzyaVK/OTAtuguPhaTO8JvryUjpCCCQc00bM1pY+CAvz6hvrsi0yIcLKqpajMBJhLrA 9dGKCiwL9hyAa3i32Mr/njb4yo+oNoPJEiI1xu1gWzUQQHzIGjL76W0aNJiyKNZjXfOI 0xDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=h+3rnHji; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d19-20020a170903209300b00189cc5abfb9si10002096plc.3.2022.12.12.17.18.13; Mon, 12 Dec 2022 17:18:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=h+3rnHji; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233852AbiLMBKE (ORCPT + 75 others); Mon, 12 Dec 2022 20:10:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230002AbiLMBKC (ORCPT ); Mon, 12 Dec 2022 20:10:02 -0500 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB4DD1BE91 for ; Mon, 12 Dec 2022 17:10:01 -0800 (PST) Received: by mail-wm1-x32d.google.com with SMTP id ja17so4275702wmb.3 for ; Mon, 12 Dec 2022 17:10:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FMF1WryJYAL52DrPmPV1bTKAGt8XywNx2Fj7RGuPtjc=; b=h+3rnHji3fnp12yIK2zcrF8VGXuUr3aJV6N+197XgdZkBVkQpaZU8A0XQ+vx3dXpqE RXlmugMS2HqFDHpexayjWvzCN2yYRciPqYzt7q2w75zQ5RlWI0Lja9usVcR9aJf5KTYt obB/bIikgDfSVL7b/JHV9emZVPCleobYzPeH2MvwZiPoWmxV+ZvWei7t3m5789iuN9FW Fv2n4yrf5iFoTdc3Jf+JthMoVYJLoEKHQaYeg27x+sSmeqU+mjjOHcyZ2OEEnx6+7aTF nGbEjKXhBW7lfXO0Vpjk4jO5uFYd+xoxNFNLE7i940y8Pczz/Ps3YS8Ebbbq5GBdIq/0 xMaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FMF1WryJYAL52DrPmPV1bTKAGt8XywNx2Fj7RGuPtjc=; b=iw0aijhW4Wa7jhTnphkQL4QMlmrjxF17EMfiAaCOM83jGIsPIRZtbRN5p4xH7sy1PI 8XcrqXMRCgGPrC3pH8UsCTIyhkIzauiiSF5sKXjOl2OrhoyzlNwXIllVP0N3tUphv4mB lvQI9MnXKNkdh0xUJ4SRd2uSWUtLqCZGyWIZ1U2A9FB6JpVHiLotQ9oxu+C1k6poiQbC XSaUqC81CVUtH7Jj5FDz4UKFvW8fyGDWc5QXb70FsNoTz8pDGcDwzfIx3n8n3koX3g5B 20ejOvkET1zeCFLZC7ZSyTnHRaTnr8w5qpmE1vFeGjMVzqCWUgNDUOXdVHxqPcvZ8a38 HxLA== X-Gm-Message-State: ANoB5pnslz1IChY5eqidWogo5C0Lhw3QshUmMF8iYVSjKN5OguzD/AYC dECB1wJPVTcQ+tj6IIGH3DI9lj0nBr2dRakO/kg= X-Received: by 2002:a05:600c:5117:b0:3d0:bda:f2c with SMTP id o23-20020a05600c511700b003d00bda0f2cmr55619wms.117.1670893800237; Mon, 12 Dec 2022 17:10:00 -0800 (PST) MIME-Version: 1.0 References: <20221212061836.3620-1-richard.xnu.clark@gmail.com> In-Reply-To: From: richard clark Date: Tue, 13 Dec 2022 09:09:48 +0800 Message-ID: Subject: Re: [PATCH] workqueue: Prevent a new work item from queueing into a destruction wq To: Tejun Heo Cc: Lai Jiangshan , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 13, 2022 at 6:27 AM Tejun Heo wrote: > > On Mon, Dec 12, 2022 at 02:48:25PM +0800, Lai Jiangshan wrote: > > On Mon, Dec 12, 2022 at 2:23 PM Tejun Heo wrote: > > > > > > On Mon, Dec 12, 2022 at 02:18:36PM +0800, Richard Clark wrote: > > > > Currently the __WQ_DRAINING is used to prevent a new work item from queueing > > > > to a draining workqueue, but this flag will be cleared before the end of a > > > > RCU grace period. Because the workqueue instance is actually freed after > > > > the RCU grace period, this fact results in an opening window in which a new > > > > work item can be queued into a destorying workqueue and be scheduled > > > > consequently, for instance, the below code snippet demos this accident: > > > > > > I mean, this is just use-after-free. The same scenario can happen with > > > non-RCU frees or if there happens to be an RCU grace period inbetween. I'm > > > not sure what's being protected here. > > > > I think it is a kind of debugging facility with no overhead in the > > fast path. > > > > It is indeed the caller's responsibility not to do use-after-free. > > > > For non-RCU free, the freed workqueue's state can be arbitrary soon and > > the caller might get a complaint. And if there are some kinds of debugging > > facilities for freed memory, the system can notice the problem earlier. > > > > But now is RCU free for the workqueue, and the workqueue has nothing > > different between before and after destroy_workqueue() unless the > > grace period ends and the memory-allocation subsystem takes charge of > > the memory. > > idk, maybe? It seems kinda out of scope. Richard, can you update the patch > description and comment so that they clearly state that this is a debug aid > to help spotting user errors? Sure, will update soon Thanks > > Thanks. > > -- > tejun