On Wed, Aug 25, 2021 at 04:55:25PM +0800, Hillf Danton wrote:
> Because no nbd is kfreed without being removed from the nbd idr, finding
> a freed nbd in the idr with nbd_index_mutex held means the nbd is not a
> valid pointer, and fix the uaf by cutting the chance for invalid nbd.
>
> Only for thoughts now.

That is a bug, but not really the problem here. I think the issue is the
completion issue that Tetsuo reported. Looking into that at the moment.