Sorry, I didn't describe it clearly.

I describe the meaning as follows:

 destroy_workqueue:
        if(wq->rescuer)
                struct worker *rescuer = wq->rescuer
                kfree(rescuer)  //first kfree
                

        if (!(wq->flags & WQ_UNBOUND))
                call_rcu(&wq->rcu, rcu_free_wq)
                        
                rcu_free_wq
                        kfree(wq->rescuer) //second kfree

There is a double free.

On 5/24/20 11:33 PM, Markus Elfring wrote:
When destroy_workqueue is called, if the rescuer worker exists, the
wq->rescuer pointer is kfree'd. If the sanity checks pass, the func
call_rcu(&wq->rcu, rcu_free_wq) will be called if wq->flags & WQ_UNBOUND
is false; in the rcu_free_wq func the wq->rescuer pointer is kfree'd again.

1. I suggest to improve also this change description.
    Do you try to explain here that a call of the function
    “free_workqueue_attrs” (or “free_percpu”) would perform sufficient
    clean-up of system resources in this use case?

2. You proposed to delete the function call “kfree(wq->rescuer)” from
    the implementation of the function “rcu_free_wq”.

    https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/kernel/workqueue.c?id=c11d28ab4a691736e30b49813fb801847bd44e83#n3482
    https://elixir.bootlin.com/linux/v5.7-rc6/source/kernel/workqueue.c#L3482

    This function name should be specified also in the patch subject,
    shouldn't it?

3. Would you like to add the tag “Fixes” to the commit message?

Regards,
Markus
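
The call sequence described at the top of this message, as an added user-space C model; it is not kernel code and not part of either message. `model_kfree`, `run_teardown` and the `clear_first` variant are hypothetical names introduced here, and the structs are stand-ins rather than the kernel definitions.

```c
#include <stdio.h>
#include <stddef.h>

/* User-space stand-ins (assumptions, not the kernel's struct layouts). */
struct worker { int id; };
struct workqueue { struct worker *rescuer; };

static const void *freed[4];        /* addresses already released */
static int nfreed, double_frees;

/* kfree() stand-in: NULL is a no-op, as with the real kfree(). Nothing is
 * really deallocated; a ledger records each address so a repeat is counted. */
static void model_kfree(const void *p)
{
    if (!p)
        return;
    for (int i = 0; i < nfreed; i++) {
        if (freed[i] == p) {
            double_frees++;
            return;
        }
    }
    freed[nfreed++] = p;
}

/* Teardown in the order the message gives. With clear_first set, wq.rescuer
 * is set to NULL before the first kfree (hypothetical variant), so the later
 * call sees NULL. Returns the number of double frees observed. */
static int run_teardown(int clear_first)
{
    struct worker w = { 1 };
    struct workqueue wq = { &w };

    nfreed = double_frees = 0;
    if (wq.rescuer) {                   /* destroy_workqueue step */
        struct worker *rescuer = wq.rescuer;
        if (clear_first)
            wq.rescuer = NULL;
        model_kfree(rescuer);           /* first kfree */
    }
    model_kfree(wq.rescuer);            /* rcu_free_wq step: second kfree */
    return double_frees;
}

int main(void)
{
    printf("as described: %d double free(s)\n", run_teardown(0));
    printf("pointer cleared first: %d double free(s)\n", run_teardown(1));
    return 0;
}
```

Whether the second call is a real double free therefore depends on whether `wq->rescuer` still holds the old address when `rcu_free_wq` runs, which is the point to check in the source lines linked above.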
