On Mon, 28 Feb 2022 11:43:54 +0800, Yu Kuai wrote:
> When tracing the whole disk, 'dropped' and 'msg' will be created
> under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free()
> won't remove those files. What's worse, the following UAF can be
> triggered because of accessing stale 'dropped' and 'msg':
>
> ==================================================================
> BUG: KASAN: use-after-free in blk_dropped_read+0x89/0x100
> Read of size 4 at addr ffff88816912f3d8 by task blktrace/1188
>
> [...]

Applied, thanks!

[1/1] blktrace: fix use after free for struct blk_trace
      commit: 30939293262eb433c960c4532a0d59c4073b2b84

Best regards,
-- 
Jens Axboe