Re: [PATCH net v2 2/2] pds_core: fix use-after-free on workqueue during remove

From: Rao, Nikhil <hidden>
Date: 2026-06-29 23:42:13

Hi,

On 6/29/2026 2:32 PM, Harshitha Ramamurthy wrote:
> On Mon, Jun 29, 2026 at 1:04 PM Nikhil P. Rao [off-list ref] wrote:
> [..]
>> Also change pdsc_core_uninit() to free adminqcq before notifyqcq,
>> since adminqcq's work accesses notifyqcq via pdsc_process_notifyq().
>> This ensures notifyqcq remains valid while adminqcq's work drains.
>
> Code LGTM but wonder if this change could be split into a separate patch.

Thanks for the review.

The previous code had the bug this patch fixes: destroy_workqueue() was
called before pdsc_teardown(), so work could be queued to a destroyed
workqueue.

This patch fixes it by moving destroy_workqueue() after pdsc_teardown().
Now adminqcq's work accesses notifyqcq, hence the change in order of
freeing is tied to the fix.

Nikhil