Re: [PATCH] scsi: libsas: fix use-after-free bug in smp_execute_task_sg

From: Martin K. Petersen
Date: Sun Sep 25 2022 - 12:57:16 EST

Next message: Yuan, Perry: "RE: [PATCH 2/7] cpufreq: amd_pstate: add module parameter to load amd pstate EPP driver"
Previous message: Martin K. Petersen: "Re: [PATCH] scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Duoming,

> When executing SMP task failed, the smp_execute_task_sg() calls
> del_timer() to delete the "slow_task->timer". However, if the timer
> handler sas_task_internal_timedout() is running, the del_timer() in
> smp_execute_task_sg() will not stop it and the UAF bug will happen.

Applied to 6.1/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering

Next message: Yuan, Perry: "RE: [PATCH 2/7] cpufreq: amd_pstate: add module parameter to load amd pstate EPP driver"
Previous message: Martin K. Petersen: "Re: [PATCH] scsi: scsi_transport_fc: Adjust struct fc_nl_event flex array usage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]