Re: [PATCH net v2 2/2] pds_core: fix use-after-free on workqueue during remove
From: Rao, Nikhil <hidden>
Date: 2026-06-29 23:42:13
From: Rao, Nikhil <hidden>
Date: 2026-06-29 23:42:13
Hi, On 6/29/2026 2:32 PM, Harshitha Ramamurthy wrote:
On Mon, Jun 29, 2026 at 1:04 PM Nikhil P. Rao [off-list ref] wrote:quoted
[..]
quoted
Also change pdsc_core_uninit() to free adminqcq before notifyqcq, since adminqcq's work accesses notifyqcq via pdsc_process_notifyq(). This ensures notifyqcq remains valid while adminqcq's work drains.Code LGTM but wonder if this change could be split into a separate patch.
Thanks for the review. The previous code had the bug this patch fixes: destroy_workqueue() was called before pdsc_teardown(), so work could be queued to a destroyed workqueue. This patch fixes it by moving destroy_workqueue() after pdsc_teardown(), now adminqcq's work accesses notifyqcq, hence the change in order of freeing is tied to the fix. Nikhil