On Mon, Dec 13, 2021 at 05:24:00PM +0800, QiuLaibin wrote:
> > * This function is called synchronously on the issue path. The bio isn't
> > seen by the queue and device driver yet and nothing can race to issue it
> > before this function returns.
> >
>
> The bio is under throttle here, this submit_bio return directly. And
> current process will queue a dispatch work by
> throtl_schedule_pending_timer() to submit this bio before BIO_THROTTLED flag
> set. If the bio is completed quickly after the dispatch work is queued, UAF
> of bio will happen.

You are right, the timer can get to it. Can't it be solved by just
reordering spin_unlock and setting BIO_THROTTLED?

> > * Now we're not setting BIO_THROTTLED when we're taking a different return
> > path through the out_unlock label and risks calling back into blk_throtl
> > again on the same bio.
> >
>
> In my opinion, This flag can prevent the request from being throttled
> multiple times. If the request itself does not need to be throttled, the
> result of repeated entry will be the same.
> If necessary, I think we can use other methods to achieve this effect for
> request does not need to be throttled.

So that we don't change anything regarding this?

Thanks.

--
tejun