Date: Wed, 2 Jun 2021 12:24:48 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 407b687dfef6 - stable/13 - Make sure all tasklets are drained before unloading the LinuxKPI. Else use-after-free may happen. Message-ID: <202106021224.152COmC1019094@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by hselasky: URL: https://cgit.FreeBSD.org/src/commit/?id=407b687dfef6bf20623726a71127b63f4fb20615 commit 407b687dfef6bf20623726a71127b63f4fb20615 Author: Hans Petter Selasky <hselasky@FreeBSD.org> AuthorDate: 2021-05-21 06:52:59 +0000 Commit: Hans Petter Selasky <hselasky@FreeBSD.org> CommitDate: 2021-06-02 11:23:19 +0000 Make sure all tasklets are drained before unloading the LinuxKPI. Else use-after-free may happen. This change also partially cherry picks support for the taskqgroup_drain_all() function. Sponsored by: Mellanox Technologies // NVIDIA Networking (cherry picked from commit 209d4919c5270fe9e3c1d809cf91355d222dc2f3) --- sys/compat/linuxkpi/common/src/linux_tasklet.c | 2 ++ sys/kern/subr_gtaskqueue.c | 13 +++++++++++++ sys/sys/gtaskqueue.h | 1 + 3 files changed, 16 insertions(+) diff --git a/sys/compat/linuxkpi/common/src/linux_tasklet.c b/sys/compat/linuxkpi/common/src/linux_tasklet.c index 9a4c01737466..26e7bb75cf19 100644 --- a/sys/compat/linuxkpi/common/src/linux_tasklet.c +++ b/sys/compat/linuxkpi/common/src/linux_tasklet.c @@ -128,6 +128,8 @@ tasklet_subsystem_uninit(void *arg __unused) struct tasklet_worker *tw; int i; + taskqgroup_drain_all(qgroup_softirq); + CPU_FOREACH(i) { if (CPU_ABSENT(i)) continue; diff --git a/sys/kern/subr_gtaskqueue.c b/sys/kern/subr_gtaskqueue.c index 3eac29631244..c4db60890eee 100644 --- a/sys/kern/subr_gtaskqueue.c +++ b/sys/kern/subr_gtaskqueue.c @@ -817,3 +817,16 @@ void taskqgroup_destroy(struct taskqgroup *qgroup) { } + +void +taskqgroup_drain_all(struct taskqgroup *tqg) +{ + struct gtaskqueue *q; + + for (int i = 0; i < mp_ncpus; i++) { + q = tqg->tqg_queue[i].tgc_taskq; + if (q == NULL) + continue; + gtaskqueue_drain_all(q); + } +} diff --git a/sys/sys/gtaskqueue.h b/sys/sys/gtaskqueue.h index aa352902c65b..f662aa39f00e 100644 --- a/sys/sys/gtaskqueue.h +++ b/sys/sys/gtaskqueue.h @@ -80,6 +80,7 @@ void taskqgroup_detach(struct taskqgroup *qgroup, struct grouptask *gtask); struct taskqgroup *taskqgroup_create(const char *name, int cnt, int stride); void taskqgroup_destroy(struct taskqgroup *qgroup); void taskqgroup_bind(struct taskqgroup *qgroup); +void taskqgroup_drain_all(struct taskqgroup *qgroup); #define GTASK_INIT(gtask, flags, priority, func, context) do { \ (gtask)->ta_flags = flags; \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106021224.152COmC1019094>