Re: [PATCH v1] irq_work: Fix use-after-free in irq_work_single on PREEMPT_RT

Next message: Rong Zhang: "Re: [PATCH v5 3/8] platform/x86: lenovo-wmi-other: Add lwmi_attr_id() function"
Previous message: Leon Romanovsky: "Re: [PATCH] dma-debug: ensure mappings are created and released with matching attributes"
In reply to: Steven Rostedt: "Re: [PATCH v1] irq_work: Fix use-after-free in irq_work_single on PREEMPT_RT"
Next in thread: Jiayuan Chen: "Re: [PATCH v1] irq_work: Fix use-after-free in irq_work_single on PREEMPT_RT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sebastian Andrzej Siewior

Date: Wed Mar 25 2026 - 14:02:08 EST

On 2026-03-25 13:55:40 [-0400], Steven Rostedt wrote:
> On Wed, 25 Mar 2026 18:51:50 +0100
> Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx> wrote:
>
> > > Perhaps Jiayuan's idea is better as it will not require modifying current
> > > callers and does fix the issue.
> >
> > Don't you need to replace irq_work_sync() with this new one?
> >
> > > But it would still need helper functions from RCU as I really do not think
> > > it's a good idea to open code the rcuwait logic.
> >
> > Why is rcuwait a concern?
>
> Oh, I was talking about how the patch open coded rcuwait (which we shouldn't do).
>
> Are you saying that if we stick a synchronize_rcu() in irq_work_sync() that
> could work too?

I was thinking about your helper doing synchronize_rcu().
I haven't looked at irq_work_sync() but it would need solve the problem,
too. There shouldn't be any user of irq_work_sync() which does not
intend to free the object, why else should they wait, right? So it might
be even simpler.

> -- Steve

Sebastian