On Wed, 25 Dec 2024 19:06:40 +0800, Ming Lei wrote:
> Inside ublk_abort_requests(), gendisk is grabbed for aborting all
> inflight requests. And ublk_abort_requests() is called when exiting
> the uring context or handling timeout.
>
> If add_disk() fails, the gendisk may have been freed when calling
> ublk_abort_requests(), so use-after-free can be caused when getting
> disk's reference in ublk_abort_requests().
>
> [...]
Applied, thanks!
[1/1] ublk: detach gendisk from ublk device if add_disk() fails
commit: 75cd4005da5492129917a4a4ee45e81660556104
Best regards,
--
Jens Axboe
