Re: [PATCH] class: fix use-after-free in class_register()

[Greg Kroah-Hartman]

On Mon, Dec 18, 2023 at 07:52:18AM +0100, Greg Kroah-Hartman wrote:
> On Mon, Dec 18, 2023 at 10:44:03AM +0800, Chunyan Zhang wrote:
> > From: Jing Xia <jing.xia@xxxxxxxxxx>
> > 
> > The lock_class_key is still registered and can be found in
> > lock_keys_hash hlist after subsys_private is freed in error
> > handler path.A task who iterate over the lock_keys_hash
> > later may cause use-after-free.So fix that up and unregister
> > the lock_class_key before kfree(cp).
> 
> What task iterates over all hashes?
> 
> And can you put ' ' after your '.'?
> 
> And how was this found?

And more importantly, how was this tested?

thanks,

greg k-h