Re: [PATCH] scsi: mvsas: Fix use-after-free bugs in mvs_work_queue

Next message: Steven 'Steve' Kendall: "[PATCH] ALSA: hda/hdmi: Add pin fix for HP ProDesk model"
Previous message: Alex Williamson: "Re: [PATCH v4 10/10] vfio/pci: Add dma-buf export support for MMIO regions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Martin K. Petersen

Date: Mon Sep 29 2025 - 17:28:23 EST

Duoming,

> During the detaching of Marvell's SAS/SATA controller, the origin code
> calls cancel_delayed_work() in mvs_free() to cancel the delayed work
> item mwq->work_q. However, if mwq->work_q is already running, the
> cancel_delayed_work() may fail to cancel it. This can lead to
> use-after-free scenarios where mvs_free() frees the mvs_info while
> mvs_work_queue() is still executing and attempts to access the
> already-freed mvs_info.

Applied to 6.18/scsi-staging, thanks!

--
Martin K. Petersen