syzrobot add_partition use-after-free
how to trigger
P1
add one partition
P3
add one partition
use-after-free in partition_overlaps
disk_part_iter_next
P2
loop set status64
bdev_disk_changed
drop partitions
delete_partition
xa_erase
add new partitions
xa_store()
xa_load()
PARTSCAN is enabled
CLR_FD
part_scan
remove partitions
background
inode free is done via run_rcu()
disk bdev lock is required for add/delete partition node
BLKPG_ADD_PARTITION
can be done on a disk opened RDONLY?
what if it isn't matched with partition table?
will be dropped next when re-read
real reason
bdev->bd_partno is defined as u8
partition table xa's index is int
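
Added example, not part of the original diagram and not kernel code: a userspace C model of the width mismatch named under "real reason". It assumes the delete path erases the table slot named by the stored u8 number; model_add, model_delete, stale_after_delete, model_add_checked and the sample numbers 5 and 257 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TBL_SLOTS 512                 /* constructed size for the model */

struct part { uint8_t bd_partno; int freed; };
static struct part pool[TBL_SLOTS];        /* backing objects, never really freed */
static struct part *part_tbl[TBL_SLOTS];   /* stands in for the int-indexed xarray */

/* Store at the full int index, but record the number in a u8 field. */
static int model_add(int partno)
{
    if (partno < 0 || partno >= TBL_SLOTS || part_tbl[partno])
        return -1;
    pool[partno].bd_partno = (uint8_t)partno;   /* 257 is recorded as 1 */
    pool[partno].freed = 0;
    part_tbl[partno] = &pool[partno];
    return 0;
}

/* Assumed delete path: erase the slot named by the u8, then mark as freed. */
static void model_delete(struct part *p)
{
    part_tbl[p->bd_partno] = NULL;
    p->freed = 1;
}

/* 1 if the table still holds a pointer to the freed object, 0 if not. */
static int stale_after_delete(int partno)
{
    int stale;
    if (model_add(partno))
        return -1;
    model_delete(part_tbl[partno]);
    stale = part_tbl[partno] != NULL && part_tbl[partno]->freed;
    part_tbl[partno] = NULL;                    /* reset the model */
    return stale;
}

/* Mitigation in the model: reject numbers the u8 cannot represent. */
static int model_add_checked(int partno)
{
    return (partno < 0 || partno > UINT8_MAX) ? -1 : model_add(partno);
}

int main(void)
{
    printf("partno 5:   stale=%d\n", stale_after_delete(5));
    printf("partno 257: stale=%d\n", stale_after_delete(257));
    printf("checked add of 257 -> %d\n", model_add_checked(257));
    return 0;
}
```

In the model, a number that fits in the u8 is erased from its own slot, while a larger one leaves its slot pointing at the freed object, which is the condition a later table walk would trip over.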