Re: [PATCH v2 1/3] blk-cgroup: fix race between policy activation and blkg destruction

[Zheng Qixing]

Resend...

blkcg_activate_policy()                blkg_free_workfn()
-------------------                    ------------------
spin_lock(&q->queue_lock)
...
if (!pd) {
    spin_unlock(&q->queue_lock)
    ...
    goto enomem
    }
enomem:
    spin_lock(&q->queue_lock)
    if (pd) {

                       ->pd_free_fn()  // pd freed

       pd->online // uaf
       ...
    }

                       spin_lock(&q->queue_lock)

                       list_del_init(&blkg->q_node)

                       spin_unlock(&q->queue_lock)