Re: [PATCH -rc] workqueue: Reimplement UAF fix to avoid lockdep worning

[Leon Romanovsky <leon@kernel.org>]

On Thu, Jun 06, 2024 at 10:38:01AM +0300, Leon Romanovsky wrote:
> On Wed, Jun 05, 2024 at 07:10:55PM +0800, Hillf Danton wrote:
> > On Tue, 4 Jun 2024 21:58:04 +0300 Leon Romanovsky <leon@kernel.org>
> > > On Tue, Jun 04, 2024 at 06:30:49AM -1000, Tejun Heo wrote:
> > > > On Tue, Jun 04, 2024 at 02:38:34PM +0300, Leon Romanovsky wrote:
> > > > > Thanks, it is very rare situation where call to flush/drain queue
> > > > > (in our case kthread_flush_worker) in the middle of the allocation
> > > > > flow can be correct. I can't remember any such case.
> > > > >
> > > > > So even we don't fully understand the root cause, the reimplementation
> > > > > is still valid and improves existing code.
> > > > 
> > > > It's not valid. pwq release is async and while wq free in the error path
> > > > isn't. The flush is there so that we finish the async part before
> > > > synchronize error handling. The patch you posted will can lead to double
> > > > free after a pwq allocation failure. We can make the error path synchronous
> > > > but the pwq free path should be updated first so that it stays synchronous
> > > > in the error path. Note that it *needs* to be asynchronous in non-error
> > > > paths, so it's going to be a bit subtle one way or the other.
> > > 
> > > But at that point, we didn't add newly created WQ to any list which will execute
> > > that asynchronous release. Did I miss something?
> > > 
> > Maybe it is more subtle than thought, but not difficult to make the wq
> > allocation path sync. See if the patch could survive your test.
> 
> Thanks, I started to run our tests with Dan's revert.
> https://lore.kernel.org/all/171711745834.1628941.5259278474013108507.stgit@dwillia2-xfh.jf.intel.com/
> 
> As premature results, it fixed my lockdep warnings, but it will take time till I get full confidence.

Don't series fixed reported issue.

Thanks