Re: [PATCH net v2] 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
From: Zheng Hacker
Date: Mon Mar 13 2023 - 21:07:56 EST
Jakub Kicinski <kuba@xxxxxxxxxx> 于2023年3月14日周二 05:30写道:
>
> On Mon, 13 Mar 2023 14:54:20 +0100 Michal Swiatkowski wrote:
> > > @@ -274,12 +274,17 @@ static const struct xenbus_device_id xen_9pfs_front_ids[] = {
> > > static void xen_9pfs_front_free(struct xen_9pfs_front_priv *priv)
> > > {
> > > int i, j;
> > > + struct xen_9pfs_dataring *ring = NULL;
> > Move it before int i, j to have RCT.
> >
> > >
> > > write_lock(&xen_9pfs_lock);
> > > list_del(&priv->list);
> > > write_unlock(&xen_9pfs_lock);
> > >
> > > for (i = 0; i < priv->num_rings; i++) {
> > > + /*cancel work*/
> > It isn't needed I think, the function cancel_work_sync() tells everything
> > here.
>
> Note that 9p is more storage than networking, so this patch is likely
> to go via a different tree than us.
Sorry I got confused.
Best regards,
Zheng