From: Libin <huawei.libin@huawei.com>
To: Tejun Heo <tj@kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <wangyijing@huawei.com>,
<guohanjun@huawei.com>
Subject: Re: [PATCH] workqueue: fix potential reentrancy issue
Date: Tue, 10 Sep 2013 08:33:33 +0800 [thread overview]
Message-ID: <522E68DD.2040500@huawei.com> (raw)
In-Reply-To: <20130909141430.GD25434@htj.dyndns.org>
Hello Tejun,
On 2013/9/9 22:14, Tejun Heo wrote:
> On Mon, Sep 09, 2013 at 01:12:14PM +0800, Libin wrote:
>> From: Li Bin <huawei.libin@huawei.com>
>>
>> When one work starts execution, the high bits of work's data contain
>> pool ID. It can represent a maximum of WORK_OFFQ_POOL_NONE. Pool ID
>> is assigned WORK_OFFQ_POOL_NONE when the work being initialized
>> indicating that no pool is associated and get_work_pool() uses it to
>> check the associated pool. So if worker_pool_assign_id() assigns a
>> ID greater than or equal WORK_OFFQ_POOL_NONE to a pool, it may break
>> the non-reentrance guarantee.
>>
>> This patch fix this issue by modifying the worker_pool_assign_id()
>> function to add the WORK_OFFQ_POOL_NONE check condition.
>>
>> Signed-off-by: Li Bin <huawei.libin@huawei.com>
>> ---
>> kernel/workqueue.c | 11 ++++++++++-
>> 1 file changed, 10 insertions(+), 1 deletion(-)
>>
>> diff --git a/kernel/workqueue.c b/kernel/workqueue.c
>> index 41019b1..97d9ff7 100644
>> --- a/kernel/workqueue.c
>> +++ b/kernel/workqueue.c
>> @@ -518,7 +518,14 @@ static inline void debug_work_activate(struct work_struct *work) { }
>> static inline void debug_work_deactivate(struct work_struct *work) { }
>> #endif
>>
>> -/* allocate ID and assign it to @pool */
>> +/**
>> + * worker_pool_assign_id - allocate ID and assing it to @pool
>> + * @pool: the pool pointer of interest
>> + *
>> + * Return 0 if ID assigned successful.
>> + * Return non-zero if the allocation fails or the ID number out of
>> + * %WORK_OFFQ_POOL_NONE range.
>> + */
>> static int worker_pool_assign_id(struct worker_pool *pool)
>> {
>> int ret;
>> @@ -526,6 +533,8 @@ static int worker_pool_assign_id(struct worker_pool *pool)
>> lockdep_assert_held(&wq_pool_mutex);
>>
>> ret = idr_alloc(&worker_pool_idr, pool, 0, 0, GFP_KERNEL);
>> + if (ret >= WORK_OFFQ_POOL_NONE)
>> + return ret;
>
> Hmmm.... this would leak the allocated ID. Just setting @end param to
> idr_alloc to WORK_OFFQ_POOL_NONE would work, right?
>
Yes, I will update it with the last patch.
Thanks!
Libin
> Thanks.
>
prev parent reply other threads:[~2013-09-10 0:34 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-09 5:12 [PATCH] workqueue: fix potential reentrancy issue Libin
2013-09-09 14:14 ` Tejun Heo
2013-09-10 0:33 ` Libin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=522E68DD.2040500@huawei.com \
--to=huawei.libin@huawei.com \
--cc=guohanjun@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tj@kernel.org \
--cc=wangyijing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.