From: Alice Ryhl <aliceryhl@google.com>
To: Danilo Krummrich <dakr@kernel.org>
Cc: "Tejun Heo" <tj@kernel.org>, "Miguel Ojeda" <ojeda@kernel.org>,
"Lai Jiangshan" <jiangshanlai@gmail.com>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Benno Lossin" <benno.lossin@proton.me>,
"Andreas Hindborg" <a.hindborg@kernel.org>,
"Trevor Gross" <tmgross@umich.edu>,
"Daniel Almeida" <daniel.almeida@collabora.com>,
"Tamir Duberstein" <tamird@gmail.com>,
rust-for-linux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] workqueue: rust: add creation of workqueues
Date: Wed, 16 Apr 2025 12:17:48 +0000 [thread overview]
Message-ID: <Z_-f7Bgjw35iXkui@google.com> (raw)
In-Reply-To: <Z_45kDv_wAHIBNpI@cassiopeiae>
On Tue, Apr 15, 2025 at 12:48:48PM +0200, Danilo Krummrich wrote:
> On Tue, Apr 15, 2025 at 09:01:35AM +0000, Alice Ryhl wrote:
> > On Mon, Apr 14, 2025 at 08:15:41PM +0200, Danilo Krummrich wrote:
> > > On Fri, Apr 11, 2025 at 03:34:24PM +0000, Alice Ryhl wrote:
> > > >
> > > > +/// An owned kernel work queue.
> > >
> > > I'd suggest to document that dropping an OwnedQueue will wait for pending work.
> > >
> > > Additionally, given that you're about to implement delayed work as well, we
> > > should also mention that destroy_workqueue() currently does not cover waiting
> > > for delayed work *before* it is scheduled and hence may cause WARN() splats or
> > > even UAF bugs.
> >
> > Ah, that's a problem :(
> >
> > Can we make destroy_workqueue() wait for delayed items too? And/or have
> > a variant of it that does so? I'm not sure what is best to do here...
>
> I think the problem is that the workq is not aware of all the timers in flight
> and simply queues the work in the timer callback. See also [1].
>
> I'm not sure there's an easy solution to that, without adding extra overhead,
> such as keeping a list of timers in flight in the workqueue end. :(
>
> [1] https://elixir.bootlin.com/linux/v6.13.7/source/kernel/workqueue.c#L2489
It looks like panthor handles this by only having a single delayed work
item on each queue and using cancel_delayed_work_sync before calling
destroy_workqueue.
Tejun, what do you suggest? The goal of the Rust API is to make it
impossible to accidentally trigger a UAF, so we need to design the API
to prevent this mistake.
Alice
next prev parent reply other threads:[~2025-04-16 12:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-11 15:34 [PATCH] workqueue: rust: add creation of workqueues Alice Ryhl
2025-04-14 17:23 ` Tejun Heo
2025-04-15 9:05 ` Alice Ryhl
2025-04-15 17:03 ` Tejun Heo
2025-04-14 18:15 ` Danilo Krummrich
2025-04-15 9:01 ` Alice Ryhl
2025-04-15 10:48 ` Danilo Krummrich
2025-04-16 12:17 ` Alice Ryhl [this message]
2025-04-16 19:41 ` Alice Ryhl
2025-04-16 19:57 ` Tejun Heo
2025-04-17 7:22 ` Philipp Stanner
2025-04-17 7:28 ` Tejun Heo
2025-04-17 20:26 ` Alice Ryhl
2025-04-17 20:36 ` Danilo Krummrich
2025-04-17 20:39 ` Tejun Heo
2025-04-16 19:53 ` Tejun Heo
2025-04-16 20:08 ` Alice Ryhl
2025-04-16 20:10 ` Tejun Heo
2025-04-16 20:12 ` Alice Ryhl
2025-04-16 20:14 ` Tejun Heo
2025-04-16 20:18 ` Alice Ryhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z_-f7Bgjw35iXkui@google.com \
--to=aliceryhl@google.com \
--cc=a.hindborg@kernel.org \
--cc=benno.lossin@proton.me \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=dakr@kernel.org \
--cc=daniel.almeida@collabora.com \
--cc=gary@garyguo.net \
--cc=jiangshanlai@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ojeda@kernel.org \
--cc=rust-for-linux@vger.kernel.org \
--cc=tamird@gmail.com \
--cc=tj@kernel.org \
--cc=tmgross@umich.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.