Hello,

On Fri, May 29, 2020 at 10:58:46PM +0800, Lai Jiangshan wrote:
> I'm not sure I understood your words. And I'm not
> sure which function may use freed object in "use-after-free".
> Is it "send_mayday() may use a freed rescuer"?
>
> This patch relies on
> def98c84b6 ("workqueue: Fix spurious sanity check failures in
> destroy_workqueue()")
> to move the kthread_stop() before the sanity check and the work
> of drain_workqueue() which guarantees there is no work item
> in the workqueue. If send_mayday() still goes wrong after
> drain_workqueue(), the user must have queued work items and
> invoked destroy_workqueue() concurrently. It is excellent
> if the sanity check can find this case out, but it is not possible
> that the sanity check can always live through it since it is
> not workqueue's internal fault. We hope the sanity check can
> find all the internal fault, but not to the extent that
> it can always work when any user uses it in a very wrong way.

Yeah, it's not foolproof but it's difficult for me to see what is
better after the patch. What does the patch actually improve?

Thanks.

--
tejun