Re: [PATCH] blktrace: Fix uaf in blk_trace access after removing by sysfs

From: Christoph Hellwig
Date: Wed Sep 22 2021 - 01:22:43 EST


On Fri, Sep 10, 2021 at 05:21:20PM +0800, Zhihao Cheng wrote:
> + else {
> + /*
> + * Don't remove blk_trace under running state, in
> + * case triggering use-after-free in function
> + * __blk_add_trace().
> + */
> + if (bt->trace_state != Blktrace_running)
> + ret = blk_trace_remove_queue(q);
> + else
> + ret = -EBUSY;
> + }
> goto out_unlock_bdev;
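Review bot: The nested `else { if (...) ... else ... }` block can be flattened to `else if (bt->trace_state != Blktrace_running) ret = blk_trace_remove_queue(q); else ret = -EBUSY;`, which drops one level of indentation and makes the two outcomes easier to read. The comment should also state what a caller is expected to do when -EBUSY comes back (stop the trace first, then retry the removal), because returning busy here leaves the blk_trace allocated and the reader cannot tell from this hunk which path is responsible for freeing it later.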

So who is going to eventually call blk_trace_free in this case?

Also having the check in blk_trace_remove_queue would seem a little
cleaner.