On Sun, Aug 15, 2021 at 09:49:30PM +0800, Hillf Danton wrote: > After putting bdi in wb_exit(), wb->bdi is no longer stable. To fix the uaf, > add the WB_put bit to avoid derefering a unstable pointer. > > Only for thoughts. This doesn't help with the fact that the bdi needs to be alive until after inode_detach_wb is called. I posted a patch for that last week, although I'm about to post a v2 as there are more lingering issues in this area.
