public inbox for linux-scsi@vger.kernel.org
* [PATCH v2 0/2] fix some bsg related bugs
@ 2024-12-18  1:42 Guixin Liu
  2024-12-18  1:42 ` [PATCH v2 1/2] scsi: ufs: delete bsg_dev when setup bsg fail Guixin Liu
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Guixin Liu @ 2024-12-18  1:42 UTC (permalink / raw)
  To: Alim Akhtar, Avri Altman, Bart Van Assche,
	James E . J . Bottomley, Martin K . Petersen
  Cc: linux-scsi

Changes from v1 to v2:
- Add fixes tag to the first patch.
- Add rb tag from Avri, thanks.

Guixin Liu (2):
  scsi: ufs: delete bsg_dev when setup bsg fail
  scsi: ufs: set bsg_queue to NULL after remove

 drivers/ufs/core/ufs_bsg.c | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.43.0



* [PATCH v2 1/2] scsi: ufs: delete bsg_dev when setup bsg fail
  2024-12-18  1:42 [PATCH v2 0/2] fix some bsg related bugs Guixin Liu
@ 2024-12-18  1:42 ` Guixin Liu
  2024-12-18  1:42 ` [PATCH v2 2/2] scsi: ufs: set bsg_queue to NULL after remove Guixin Liu
  2025-01-10 23:03 ` [PATCH v2 0/2] fix some bsg related bugs Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Guixin Liu @ 2024-12-18  1:42 UTC (permalink / raw)
  To: Alim Akhtar, Avri Altman, Bart Van Assche,
	James E . J . Bottomley, Martin K . Petersen
  Cc: linux-scsi

We should remove the bsg device when bsg_setup_queue() fails
to release the resources.

Fixes: df032bf27a41 ("scsi: ufs: Add a bsg endpoint that supports UPIUs")
Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
---
 drivers/ufs/core/ufs_bsg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index 6c09d97ae006..58023f735c19 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -257,6 +257,7 @@ int ufs_bsg_probe(struct ufs_hba *hba)
 			NULL, 0);
 	if (IS_ERR(q)) {
 		ret = PTR_ERR(q);
+		device_del(bsg_dev);
 		goto out;
 	}
 
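Review bot: In the IS_ERR(q) branch, the new device_del(bsg_dev) is followed directly by "goto out", and the hunk does not show whether the out label also drops the device reference. ufs_bsg_remove() in the same file pairs device_del(bsg_dev) with put_device(bsg_dev), so the error path should end up with the same pairing. Please confirm that out calls put_device(bsg_dev) exactly once for this path, and state in the commit message which resources were previously left behind, since "release the resources" does not say whether the leak was the sysfs registration, the reference, or both.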
-- 
2.43.0



* [PATCH v2 2/2] scsi: ufs: set bsg_queue to NULL after remove
  2024-12-18  1:42 [PATCH v2 0/2] fix some bsg related bugs Guixin Liu
  2024-12-18  1:42 ` [PATCH v2 1/2] scsi: ufs: delete bsg_dev when setup bsg fail Guixin Liu
@ 2024-12-18  1:42 ` Guixin Liu
  2025-01-10 23:03 ` [PATCH v2 0/2] fix some bsg related bugs Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Guixin Liu @ 2024-12-18  1:42 UTC (permalink / raw)
  To: Alim Akhtar, Avri Altman, Bart Van Assche,
	James E . J . Bottomley, Martin K . Petersen
  Cc: linux-scsi

Currently, this does not cause any issues, but I believe it is
necessary to set bsg_queue to NULL after removing it to prevent
potential use-after-free (UAF) access.

Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
---
 drivers/ufs/core/ufs_bsg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index 58023f735c19..8d4ad0a3f2cf 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -216,6 +216,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
 		return;
 
 	bsg_remove_queue(hba->bsg_queue);
+	hba->bsg_queue = NULL;
 
 	device_del(bsg_dev);
 	put_device(bsg_dev);
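Review bot: The store "hba->bsg_queue = NULL" right after bsg_remove_queue(hba->bsg_queue) only protects readers that test the pointer before using it, and nothing in the hunk shows a lock or barrier ordering the store against such readers. The commit message should name the path that could touch hba->bsg_queue after removal, or state that the goal is to make a repeated ufs_bsg_remove() call harmless. If the early "return;" above is meant to be that guard, say so, because its condition is not visible here and bsg_dev is still passed to device_del() and put_device() afterwards without being reset.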
-- 
2.43.0



* Re: [PATCH v2 0/2] fix some bsg related bugs
  2024-12-18  1:42 [PATCH v2 0/2] fix some bsg related bugs Guixin Liu
  2024-12-18  1:42 ` [PATCH v2 1/2] scsi: ufs: delete bsg_dev when setup bsg fail Guixin Liu
  2024-12-18  1:42 ` [PATCH v2 2/2] scsi: ufs: set bsg_queue to NULL after remove Guixin Liu
@ 2025-01-10 23:03 ` Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2025-01-10 23:03 UTC (permalink / raw)
  To: Guixin Liu
  Cc: Alim Akhtar, Avri Altman, Bart Van Assche,
	James E . J . Bottomley, Martin K . Petersen, linux-scsi


Guixin,

> Guixin Liu (2):
>   scsi: ufs: delete bsg_dev when setup bsg fail
>   scsi: ufs: set bsg_queue to NULL after remove

Applied to 6.14/scsi-staging, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

