Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race

Next message: Conor Dooley: "Re: [PATCH v4 2/4] dt-bindings: hwmon: Add Sensirion SHT30 series"
Previous message: Ian Rogers: "[PATCH v3 2/2] perf symbol: Lazily compute idle and use the perf_env"
In reply to: Rafael J. Wysocki: "Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race"
Next in thread: Rafael J. Wysocki: "Re: [PATCH] thermal: core: fix use-after-free due to init/cancel delayed_work race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Mauricio Faria de Oliveira

Date: Thu Mar 26 2026 - 13:49:59 EST

On 2026-03-25 16:29, Rafael J. Wysocki wrote:
> On Wed, Mar 25, 2026 at 8:22 PM Mauricio Faria de Oliveira
> <mfo@xxxxxxxxxx> wrote:
>>
>> On 2026-03-25 13:24, Rafael J. Wysocki wrote:
[...]
>> > I'd say that thermal_zone_device_unregister() needs to flush the
>> > workqueue before calling cancel_delayed_work_sync() to get rid of the
>> > stuff that may be running out of it that hasn't seen the changes made
>> > by thermal_zone_exit().
>>
>> IIUIC, cancel_delayed_work_sync() has that effect: it waits for
>> (specific)
>> work that might be running and hasn't seen changes by
>> thermal_zone_exit()).
>
> Sure, but you argued yourself that this didn't work if the work item
> in question had been reinitialized in the meantime.

Yes, if. To clarify: the above refers to cancel_delayed_work_sync()
behavior alone, not assuming a work item reinitialization (i.e., in
the context of the proposed patch).

> And I don't want to add another work item to the thermal zone
> structure just for the handling of suspend/resume.

That's certainly understandable.

--
Mauricio