lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 24 May 2020 17:33:02 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Zhang Qiang <qiang.zhang@...driver.com>,
        Lai Jiangshan <jiangshanlai@...il.com>,
        Tejun Heo <tj@...nel.org>
Cc:     linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] workqueue: Fix double kfree(rescuer) in
 destroy_workqueue()

> When destroy_workqueue if rescuer worker exist,wq->rescuer pointer be
> kfree. if sanity checks passed. the func call_rcu(&wq->rcu, rcu_free_wq)
> will be called if the wq->flags & WQ_UNBOUND is false,in rcu_free_wq
> func wq->rescuer pointer was kfree again.

1. I suggest to improve also this change description.
   Do you try to explain here that a call of the function “free_workqueue_attrs”
   (or “free_percpu”) would perform sufficient clean-up of system resources
   in this use case?

2. You proposed to delete the function call “kfree(wq->rescuer)” from
   the implementation of the function “rcu_free_wq”.
   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/kernel/workqueue.c?id=c11d28ab4a691736e30b49813fb801847bd44e83#n3482
   https://elixir.bootlin.com/linux/v5.7-rc6/source/kernel/workqueue.c#L3482

   This function name should be specified also in the patch subject,
   shouldn't it?

3. Would you like to add the tag “Fixes” to the commit message?

Regards,
Markus

Powered by blists - more mailing lists