| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jan 2019 14:48:53 -0500
From: Daniel Jordan <daniel.m.jordan@...cle.com>
To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: Tejun Heo <tj@...nel.org>, Lai Jiangshan <jiangshanlai@...il.com>,
linux-kernel@...r.kernel.org, daniel.m.jordan@...cle.com
Subject: Re: [PATCH] workqueue: Try to catch flush_work() without INIT_WORK().
On Sat, Jan 19, 2019 at 02:04:58AM +0900, Tetsuo Handa wrote:
> syzbot found a flush_work() caller who forgot to call INIT_WORK()
> because that work_struct was allocated by kzalloc(). But the message
>
> INFO: trying to register non-static key.
> the code is fine but needs lockdep annotation.
> turning off the locking correctness validator.
>
> by lock_map_acquire() is failing to tell that INIT_WORK() is missing.
>
> Since flush_work() without INIT_WORK() is a bug, and INIT_WORK() should
> set ->func field to non-zero, let's warn if ->func field is zero.
Agree that it's a good idea to catch this. So the caller did flush_work
without queueing it beforehand? Out of curiosity, what situation leads to
this? Link to the report might be helpful.
> diff --git a/kernel/workqueue.c b/kernel/workqueue.c
> index 392be4b..a503ad9 100644
> --- a/kernel/workqueue.c
> +++ b/kernel/workqueue.c
> @@ -2908,6 +2908,9 @@ static bool __flush_work(struct work_struct *work, bool from_cancel)
> if (WARN_ON(!wq_online))
> return false;
>
> + if (WARN_ON(!work->func))
> + return false;
> +
__queue_work has a sanity check already for work, but using list_empty. Seems
slightly better to be consistent?
Powered by blists - more mailing lists