On Wed, Feb 02, 2022 at 04:56:56PM +0100, Christoph Hellwig wrote: > @@ -985,8 +947,6 @@ static void virtblk_remove(struct virtio_device *vdev) > kfree(vblk->vqs); > > mutex_unlock(&vblk->vdev_mutex); > - > - virtblk_put(vblk); > }
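Review bot: with virtblk_put(vblk) dropped from the end of virtblk_remove(), the function no longer holds its own reference on vblk while the lines just above it, "kfree(vblk->vqs);" and "mutex_unlock(&vblk->vdev_mutex);", still dereference it, so whatever path now frees vblk must be guaranteed to run only after these last uses; the hunk does not show where that free moved to, and the commit message should spell out what keeps vblk alive until virtblk_remove() returns.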
Thank you, this is a nice cleanup! One question:
File systems are unmounted and block devices are not open. PCI hot
unplug calls virtblk_remove(). It looks like vblk is used after being freed
by virtblk_free_disk() halfway through virtblk_remove()?
static void virtblk_remove(struct virtio_device *vdev)
{
    struct virtio_blk *vblk = vdev->priv;

    /* Make sure no work handler is accessing the device. */
    flush_work(&vblk->config_work);

    del_gendisk(vblk->disk);
    blk_cleanup_disk(vblk->disk);
    ^--- is virtblk_free_disk() called here?
    blk_mq_free_tag_set(&vblk->tag_set);
    ^--- use after free

    mutex_lock(&vblk->vdev_mutex);

    /* Stop all the virtqueues. */
    virtio_reset_device(vdev);

    /* Virtqueues are stopped, nothing can use vblk->vdev anymore. */
    vblk->vdev = NULL;

    vdev->config->del_vqs(vdev);
    kfree(vblk->vqs);

    mutex_unlock(&vblk->vdev_mutex);
}
Stefan
_______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
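As an added illustration of the ordering problem raised in the mail (not code from the patch or from the virtio_blk driver), here is a constructed userspace model in which the disk's release callback frees the embedding struct; the function and field names are assumptions that merely mirror the driver's, and the two teardown orders are compared by counting touches of the freed object.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model of the lifetime question in the mail; the
 * names mirror the driver's, but nothing here is kernel code. */
struct virtio_blk {
    int disk_refs;   /* gendisk reference count; vblk is freed with the disk */
    bool freed;      /* model of kfree(vblk): the memory is gone */
};

static int uaf_hits;
/* Every dereference of vblk goes through here; like KASAN, it flags a touch
 * of memory the release callback has already freed. */
static void use(struct virtio_blk *vblk, const char *what)
{
    if (vblk->freed) { uaf_hits++; printf("use-after-free in %s\n", what); }
}

/* The gendisk's free_disk callback releases the embedding struct. */
static void virtblk_free_disk(struct virtio_blk *vblk) { vblk->freed = true; }

static void put_disk(struct virtio_blk *vblk)
{
    if (--vblk->disk_refs == 0)
        virtblk_free_disk(vblk);   /* kfree(vblk) in the real driver */
}

/* Ordering from the mail: blk_cleanup_disk() drops the last disk reference,
 * then the rest of virtblk_remove() touches the freed vblk (tag_set, mutex). */
static int remove_cleanup_disk_first(void)
{
    struct virtio_blk v = { .disk_refs = 1 };
    uaf_hits = 0;
    put_disk(&v);                                     /* blk_cleanup_disk() */
    use(&v, "blk_mq_free_tag_set(&vblk->tag_set)");
    use(&v, "mutex_lock(&vblk->vdev_mutex)");
    return uaf_hits;                                  /* 2 */
}

/* Same steps, but the last disk reference is dropped only after every other
 * use of vblk, so the release callback runs last. */
static int remove_put_disk_last(void)
{
    struct virtio_blk v = { .disk_refs = 1 };
    uaf_hits = 0;
    use(&v, "blk_mq_free_tag_set(&vblk->tag_set)");
    use(&v, "mutex_lock(&vblk->vdev_mutex)");
    put_disk(&v);
    return uaf_hits;                                  /* 0 */
}
```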
