On Thu, Apr 29, 2021 at 03:36:14PM +0800, Ming Lei wrote:
> > > ->bi_bdev and associated disk/request_queue/hctx/... referred in bio_poll()
> > > may have been freed now, so there is UAF risk.
> >
> > the block device is RCU freed, so we are fine there. The rest OTOH
> > is more interesting. Let me think of a good defense using some kind
> > of liveness check.
>
> Or hold gendisk reference in bdev lifetime, then everything referred
> won't be released until bdev is freed.

The whole device bdev controls the gendisk lifetime, so that one is
easy. But for partitions it is probably a good idea to ensure that
the gendisk is kept allocated as long as the block devices are around
as well.