Re: [PATCH v2] scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()

From: Martin K. Petersen
Date: Sat Apr 12 2025 - 06:30:17 EST

Next message: Christian Schrefl: "[PATCH v2] rust: Use `ffi::c_char` type in firmware abstraction `FwFunc`"
Previous message: Martin K. Petersen: "Re: [PATCH V3 0/2] scsi: ufs: Implement Quirks for Samsung UFS Devices"
In reply to: Peter Wang (王信友): "Re: [PATCH v2] scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 09 Apr 2025 19:13:20 -0500, Chenyuan Yang wrote:

> A race can occur between the MCQ completion path and the abort handler:
> once a request completes, __blk_mq_free_request() sets rq->mq_hctx to
> NULL, meaning the subsequent ufshcd_mcq_req_to_hwq() call in
> ufshcd_mcq_abort() can return a NULL pointer. If this NULL pointer is
> dereferenced, the kernel will crash.
>
> Add a NULL check for the returned hwq pointer. If hwq is NULL, log an
> error and return FAILED, preventing a potential NULL-pointer dereference.
> As suggested by Bart, the ufshcd_cmd_inflight() check is removed.
>
> [...]

Applied to 6.15/scsi-fixes, thanks!

[1/1] scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
https://git.kernel.org/mkp/scsi/c/4c3240850629

--
Martin K. Petersen Oracle Linux Engineering

Next message: Christian Schrefl: "[PATCH v2] rust: Use `ffi::c_char` type in firmware abstraction `FwFunc`"
Previous message: Martin K. Petersen: "Re: [PATCH V3 0/2] scsi: ufs: Implement Quirks for Samsung UFS Devices"
In reply to: Peter Wang (王信友): "Re: [PATCH v2] scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]