Re: [PATCH v2 (RESEND)] block: genhd: fix double kfree() in __alloc_disk_node()

Jens Axboe <axboe@xxxxxxxxx> · Sat, 2 Oct 2021 07:29:46 -0600

On 10/2/21 3:23 AM, Tetsuo Handa wrote:
> syzbot is reporting use-after-free read at bdev_free_inode() [1], for
> kfree() from __alloc_disk_node() is called before bdev_free_inode()
> (which is called after RCU grace period) reads bdev->bd_disk and calls
> kfree(bdev->bd_disk).
> 
> Fix use-after-free read followed by double kfree() problem
> by making sure that bdev->bd_disk is NULL when calling iput().

Applied for 5.15, thanks.

-- 
Jens Axboe