From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752554AbcF2NQG (ORCPT ); Wed, 29 Jun 2016 09:16:06 -0400 Received: from mail-io0-f195.google.com ([209.85.223.195]:35226 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752516AbcF2NQD (ORCPT ); Wed, 29 Jun 2016 09:16:03 -0400 Date: Wed, 29 Jun 2016 09:15:52 -0400 From: Tejun Heo To: Petr Mladek Cc: Peter Zijlstra , Andrew Morton , Oleg Nesterov , Ingo Molnar , Steven Rostedt , "Paul E. McKenney" , Josh Triplett , Thomas Gleixner , Linus Torvalds , Jiri Kosina , Borislav Petkov , Michal Hocko , linux-mm@kvack.org, Vlastimil Babka , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v9 06/12] kthread: Add kthread_drain_worker() Message-ID: <20160629131552.GA24054@htj.duckdns.org> References: <1466075851-24013-1-git-send-email-pmladek@suse.com> <1466075851-24013-7-git-send-email-pmladek@suse.com> <20160622205445.GV30909@twins.programming.kicks-ass.net> <20160623213258.GO3262@mtj.duckdns.org> <20160624070515.GU30154@twins.programming.kicks-ass.net> <20160624155447.GY3262@mtj.duckdns.org> <20160627143350.GA3313@pathway.suse.cz> <20160628170447.GE5185@htj.duckdns.org> <20160629081748.GA3238@pathway.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160629081748.GA3238@pathway.suse.cz> User-Agent: Mutt/1.6.1 (2016-04-27) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, On Wed, Jun 29, 2016 at 10:17:48AM +0200, Petr Mladek wrote: > > Ah, okay, I don't think we need to change this. I was suggesting to > > simplify it by dropping the draining and just do flush from destroy. > > I see. But then it does not address the original concern from Peter > Zijlstra. He did not like that the caller was responsible for blocking > further queueing. It still will be needed. Or did I miss something, > please? You can only protect against so much. Let's say we make the worker struct to be allocated by the user, what then prevents it prematurely from user side? Use-after-free is use-after-free. If we can trivally add some protection against it, great, but no need to contort the design to add marginal protection. Thanks. -- tejun From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tejun Heo Subject: Re: [PATCH v9 06/12] kthread: Add kthread_drain_worker() Date: Wed, 29 Jun 2016 09:15:52 -0400 Message-ID: <20160629131552.GA24054@htj.duckdns.org> References: <1466075851-24013-1-git-send-email-pmladek@suse.com> <1466075851-24013-7-git-send-email-pmladek@suse.com> <20160622205445.GV30909@twins.programming.kicks-ass.net> <20160623213258.GO3262@mtj.duckdns.org> <20160624070515.GU30154@twins.programming.kicks-ass.net> <20160624155447.GY3262@mtj.duckdns.org> <20160627143350.GA3313@pathway.suse.cz> <20160628170447.GE5185@htj.duckdns.org> <20160629081748.GA3238@pathway.suse.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20160629081748.GA3238-KsEp0d+Q8qECVLCxKZUutA@public.gmane.org> Sender: linux-api-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Petr Mladek Cc: Peter Zijlstra , Andrew Morton , Oleg Nesterov , Ingo Molnar , Steven Rostedt , "Paul E. McKenney" , Josh Triplett , Thomas Gleixner , Linus Torvalds , Jiri Kosina , Borislav Petkov , Michal Hocko , linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Vlastimil Babka , linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-api@vger.kernel.org Hello, On Wed, Jun 29, 2016 at 10:17:48AM +0200, Petr Mladek wrote: > > Ah, okay, I don't think we need to change this. I was suggesting to > > simplify it by dropping the draining and just do flush from destroy. > > I see. But then it does not address the original concern from Peter > Zijlstra. He did not like that the caller was responsible for blocking > further queueing. It still will be needed. Or did I miss something, > please? You can only protect against so much. Let's say we make the worker struct to be allocated by the user, what then prevents it prematurely from user side? Use-after-free is use-after-free. If we can trivally add some protection against it, great, but no need to contort the design to add marginal protection. Thanks. -- tejun From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io0-f197.google.com (mail-io0-f197.google.com [209.85.223.197]) by kanga.kvack.org (Postfix) with ESMTP id EC5E36B0253 for ; Wed, 29 Jun 2016 09:16:02 -0400 (EDT) Received: by mail-io0-f197.google.com with SMTP id x68so102678066ioi.0 for ; Wed, 29 Jun 2016 06:16:02 -0700 (PDT) Received: from mail-io0-x243.google.com (mail-io0-x243.google.com. [2607:f8b0:4001:c06::243]) by mx.google.com with ESMTPS id m134si4717608ith.114.2016.06.29.06.16.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Jun 2016 06:16:02 -0700 (PDT) Received: by mail-io0-x243.google.com with SMTP id 100so5236597ioh.1 for ; Wed, 29 Jun 2016 06:16:02 -0700 (PDT) Date: Wed, 29 Jun 2016 09:15:52 -0400 From: Tejun Heo Subject: Re: [PATCH v9 06/12] kthread: Add kthread_drain_worker() Message-ID: <20160629131552.GA24054@htj.duckdns.org> References: <1466075851-24013-1-git-send-email-pmladek@suse.com> <1466075851-24013-7-git-send-email-pmladek@suse.com> <20160622205445.GV30909@twins.programming.kicks-ass.net> <20160623213258.GO3262@mtj.duckdns.org> <20160624070515.GU30154@twins.programming.kicks-ass.net> <20160624155447.GY3262@mtj.duckdns.org> <20160627143350.GA3313@pathway.suse.cz> <20160628170447.GE5185@htj.duckdns.org> <20160629081748.GA3238@pathway.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160629081748.GA3238@pathway.suse.cz> Sender: owner-linux-mm@kvack.org List-ID: To: Petr Mladek Cc: Peter Zijlstra , Andrew Morton , Oleg Nesterov , Ingo Molnar , Steven Rostedt , "Paul E. McKenney" , Josh Triplett , Thomas Gleixner , Linus Torvalds , Jiri Kosina , Borislav Petkov , Michal Hocko , linux-mm@kvack.org, Vlastimil Babka , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org Hello, On Wed, Jun 29, 2016 at 10:17:48AM +0200, Petr Mladek wrote: > > Ah, okay, I don't think we need to change this. I was suggesting to > > simplify it by dropping the draining and just do flush from destroy. > > I see. But then it does not address the original concern from Peter > Zijlstra. He did not like that the caller was responsible for blocking > further queueing. It still will be needed. Or did I miss something, > please? You can only protect against so much. Let's say we make the worker struct to be allocated by the user, what then prevents it prematurely from user side? Use-after-free is use-after-free. If we can trivally add some protection against it, great, but no need to contort the design to add marginal protection. Thanks. -- tejun -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org