* [PATCH] workqueue: Add a new flag to spot the potential UAF error
@ 2022-12-13 4:39 Richard Clark
2022-12-14 7:16 ` Lai Jiangshan
2023-01-04 22:26 ` Tejun Heo
0 siblings, 2 replies; 4+ messages in thread
From: Richard Clark @ 2022-12-13 4:39 UTC (permalink / raw)
To: jiangshanlai, tj; +Cc: linux-kernel, Richard Clark
Currently if the user queues a new work item unintentionally
into a wq after the destroy_workqueue(wq), the work still can
be queued and scheduled without any noticeable kernel message
before the end of a RCU grace period.
As a debug-aid facility, this commit adds a new flag
__WQ_DESTROYING to spot that issue by triggering a kernel WARN
message.
Signed-off-by: Richard Clark <richard.xnu.clark@gmail.com>
---
include/linux/workqueue.h | 1 +
kernel/workqueue.c | 15 ++++++++++++---
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h
index a0143dd24430..ac551b8ee7d9 100644
--- a/include/linux/workqueue.h
+++ b/include/linux/workqueue.h
@@ -335,6 +335,7 @@ enum {
*/
WQ_POWER_EFFICIENT = 1 << 7,
+ __WQ_DESTROYING = 1 << 15, /* internal: workqueue is destroying */
__WQ_DRAINING = 1 << 16, /* internal: workqueue is draining */
__WQ_ORDERED = 1 << 17, /* internal: workqueue is ordered */
__WQ_LEGACY = 1 << 18, /* internal: create*_workqueue() */
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 39060a5d0905..30dc6869b3fd 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -1433,9 +1433,13 @@ static void __queue_work(int cpu, struct workqueue_struct *wq,
lockdep_assert_irqs_disabled();
- /* if draining, only works from the same workqueue are allowed */
- if (unlikely(wq->flags & __WQ_DRAINING) &&
- WARN_ON_ONCE(!is_chained_work(wq)))
+ /*
+ * For a draining wq, only works from the same workqueue are
+ * allowed. The __WQ_DESTROYING helps to spot the issue that
+ * queues a new work item to a wq after destroy_workqueue(wq).
+ */
+ if (unlikely(wq->flags & (__WQ_DESTROYING | __WQ_DRAINING)
+ && WARN_ON_ONCE(!is_chained_work(wq))))
return;
rcu_read_lock();
retry:
@@ -4414,6 +4418,11 @@ void destroy_workqueue(struct workqueue_struct *wq)
*/
workqueue_sysfs_unregister(wq);
+ /* mark the workqueue destruction is in progress */
+ mutex_lock(&wq->mutex);
+ wq->flags |= __WQ_DESTROYING;
+ mutex_unlock(&wq->mutex);
+
/* drain it before proceeding with destruction */
drain_workqueue(wq);
--
2.37.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] workqueue: Add a new flag to spot the potential UAF error
2022-12-13 4:39 [PATCH] workqueue: Add a new flag to spot the potential UAF error Richard Clark
@ 2022-12-14 7:16 ` Lai Jiangshan
2022-12-16 1:14 ` richard clark
2023-01-04 22:26 ` Tejun Heo
1 sibling, 1 reply; 4+ messages in thread
From: Lai Jiangshan @ 2022-12-14 7:16 UTC (permalink / raw)
To: Richard Clark; +Cc: tj, linux-kernel
On Tue, Dec 13, 2022 at 12:40 PM Richard Clark
<richard.xnu.clark@gmail.com> wrote:
>
> Currently if the user queues a new work item unintentionally
> into a wq after the destroy_workqueue(wq), the work still can
> be queued and scheduled without any noticeable kernel message
> before the end of a RCU grace period.
>
> As a debug-aid facility, this commit adds a new flag
> __WQ_DESTROYING to spot that issue by triggering a kernel WARN
> message.
>
> Signed-off-by: Richard Clark <richard.xnu.clark@gmail.com>
Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] workqueue: Add a new flag to spot the potential UAF error
2022-12-14 7:16 ` Lai Jiangshan
@ 2022-12-16 1:14 ` richard clark
0 siblings, 0 replies; 4+ messages in thread
From: richard clark @ 2022-12-16 1:14 UTC (permalink / raw)
To: Lai Jiangshan; +Cc: tj, linux-kernel
Hello TJ,
On Wed, Dec 14, 2022 at 3:16 PM Lai Jiangshan <jiangshanlai@gmail.com> wrote:
>
> On Tue, Dec 13, 2022 at 12:40 PM Richard Clark
> <richard.xnu.clark@gmail.com> wrote:
> >
> > Currently if the user queues a new work item unintentionally
> > into a wq after the destroy_workqueue(wq), the work still can
> > be queued and scheduled without any noticeable kernel message
> > before the end of a RCU grace period.
> >
> > As a debug-aid facility, this commit adds a new flag
> > __WQ_DESTROYING to spot that issue by triggering a kernel WARN
> > message.
> >
> > Signed-off-by: Richard Clark <richard.xnu.clark@gmail.com>
>
> Reviewed-by: Lai Jiangshan <jiangshanlai@gmail.com>
What do I need to do for this patch next?
Thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] workqueue: Add a new flag to spot the potential UAF error
2022-12-13 4:39 [PATCH] workqueue: Add a new flag to spot the potential UAF error Richard Clark
2022-12-14 7:16 ` Lai Jiangshan
@ 2023-01-04 22:26 ` Tejun Heo
1 sibling, 0 replies; 4+ messages in thread
From: Tejun Heo @ 2023-01-04 22:26 UTC (permalink / raw)
To: Richard Clark; +Cc: jiangshanlai, linux-kernel
On Tue, Dec 13, 2022 at 12:39:36PM +0800, Richard Clark wrote:
> Currently if the user queues a new work item unintentionally
> into a wq after the destroy_workqueue(wq), the work still can
> be queued and scheduled without any noticeable kernel message
> before the end of a RCU grace period.
>
> As a debug-aid facility, this commit adds a new flag
> __WQ_DESTROYING to spot that issue by triggering a kernel WARN
> message.
>
> Signed-off-by: Richard Clark <richard.xnu.clark@gmail.com>
Applied to wq/for-6.3 w/ whitespace adjustments.
Thanks.
--
tejun
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-01-04 22:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-13 4:39 [PATCH] workqueue: Add a new flag to spot the potential UAF error Richard Clark
2022-12-14 7:16 ` Lai Jiangshan
2022-12-16 1:14 ` richard clark
2023-01-04 22:26 ` Tejun Heo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).