Re: [PATCH] class: fix use-after-free in class_register()

From: Greg Kroah-Hartman
Date: Mon Dec 18 2023 - 01:53:41 EST


On Mon, Dec 18, 2023 at 07:52:18AM +0100, Greg Kroah-Hartman wrote:
> On Mon, Dec 18, 2023 at 10:44:03AM +0800, Chunyan Zhang wrote:
> > From: Jing Xia <jing.xia@xxxxxxxxxx>
> >
> > The lock_class_key is still registered and can be found in
> > lock_keys_hash hlist after subsys_private is freed in error
> > handler path.A task who iterate over the lock_keys_hash
> > later may cause use-after-free.So fix that up and unregister
> > the lock_class_key before kfree(cp).
>
> What task iterates over all hashes?
>
> And can you put ' ' after your '.'?
>
> And how was this found?

And more importantly, how was this tested?

thanks,

greg k-h
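
The ordering problem described in the quoted patch description, as an added userspace model that is not code from this thread or from the kernel: a key registered on a global list must be unregistered before the object that contains it is freed. All names (`struct key`, `struct subsys`, `keys_head`, `register_and_fail`) are hypothetical stand-ins, and the model assumes the key is embedded in the object being freed.

```c
/* Added userspace model; names are hypothetical stand-ins, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct key { struct key *next; };           /* stand-in for lock_class_key */
struct subsys { int id; struct key key; };  /* stand-in for subsys_private (embedded key: assumption) */

static struct key *keys_head;               /* stand-in for the lock_keys_hash list */

static void key_register(struct key *k) { k->next = keys_head; keys_head = k; }

static void key_unregister(struct key *k)
{
    for (struct key **pp = &keys_head; *pp; pp = &(*pp)->next)
        if (*pp == k) { *pp = k->next; return; }
}

/* Count registered keys that live inside [p, p+len): each would dangle after free(p). */
static int keys_inside(const void *p, size_t len)
{
    uintptr_t lo = (uintptr_t)p, hi = lo + len;
    int n = 0;
    for (struct key *k = keys_head; k; k = k->next)
        if ((uintptr_t)k >= lo && (uintptr_t)k < hi)
            n++;
    return n;
}

/* Model of a registration whose later step fails. Returns how many registered
 * keys the error path was about to leave pointing into freed memory. */
static int register_and_fail(int unregister_before_free)
{
    struct subsys *cp = calloc(1, sizeof(*cp));
    if (!cp)
        return -1;
    key_register(&cp->key);
    /* ... a later setup step fails here, so unwind ... */
    if (unregister_before_free)
        key_unregister(&cp->key);           /* the ordering the patch description asks for */
    int dangling = keys_inside(cp, sizeof(*cp));
    key_unregister(&cp->key);               /* model cleanup only, so nothing stale is walked later */
    free(cp);
    return dangling;
}

int main(void)
{
    printf("free without unregister: %d dangling key(s)\n", register_and_fail(0));
    printf("unregister before free:  %d dangling key(s)\n", register_and_fail(1));
    return 0;
}
```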