From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Guixin Liu <kanie@linux.alibaba.com>,
Avri Altman <avri.altman@wdc.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
James.Bottomley@HansenPartnership.com, quic_cang@quicinc.com,
hare@suse.de, quic_ziqichen@quicinc.com,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 6.12 2/4] scsi: ufs: bsg: Set bsg_queue to NULL after removal
Date: Wed, 29 Jan 2025 07:57:39 -0500
Message-ID: <20250129125741.1272609-2-sashal@kernel.org>
In-Reply-To: <20250129125741.1272609-1-sashal@kernel.org>

From: Guixin Liu <kanie@linux.alibaba.com>

[ Upstream commit 1e95c798d8a7f70965f0f88d4657b682ff0ec75f ]

Currently, this does not cause any issues, but I believe it is necessary to
set bsg_queue to NULL after removing it to prevent potential use-after-free
(UAF) access.

Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241218014214.64533-3-kanie@linux.alibaba.com
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ufs/core/ufs_bsg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index 6c09d97ae0065..08579c454a325 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -216,6 +216,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
return;
bsg_remove_queue(hba->bsg_queue);
+ hba->bsg_queue = NULL;
device_del(bsg_dev);
put_device(bsg_dev);
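Review bot: The new store `hba->bsg_queue = NULL;` after `bsg_remove_queue(hba->bsg_queue);` protects only code that later tests the pointer for NULL before using it, and nothing in this hunk shows such a test or any lock or barrier ordering the store against a concurrent reader. Since the commit message states there is no current issue, it would help to name the path that is expected to observe the cleared pointer (for example a second call into ufs_bsg_remove(), if the early `return;` above is conditioned on this field) so backporters can judge whether the hardening is effective in this tree. If a concurrent reader is possible, the clear needs to happen under whatever serializes those readers, not as a plain assignment after the queue has already been removed.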
--
2.39.5