Re: [PATCH] scsi: aic94xx: fix use-after-free in device removal path

From: Martin K. Petersen

Date: Wed Nov 19 2025 - 23:16:42 EST


On Wed, 29 Oct 2025 00:29:04 +0800, moonafterrain@xxxxxxxxxxx wrote:

> The asd_pci_remove() function fails to synchronize with pending tasklets
> before freeing the asd_ha structure, leading to a potential use-after-free
> vulnerability.
>
> When a device removal is triggered (via hot-unplug or module unload), a race condition can occur.
>
> The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring
> all scheduled tasklets complete before cleanup proceeds.
>
> [...]

Applied to 6.19/scsi-queue, thanks!

[1/1] scsi: aic94xx: fix use-after-free in device removal path
https://git.kernel.org/mkp/scsi/c/f6ab594672d4

--
Martin K. Petersen
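
The ordering problem described in the quoted commit message, as a userspace model added here for illustration; it is not code from the patch or from the aic94xx driver. All `model_*` names and `simulate_remove()` are hypothetical, and the free is represented by a flag so the stale access can be counted instead of actually touching released memory.

```c
#include <stdbool.h>

/* Model of a tasklet: a handler plus a "scheduled" flag (hypothetical names). */
struct model_tasklet {
    bool scheduled;
    void (*func)(void *data);
    void *data;
};

/* Stand-in for the adapter structure; 'freed' marks where the free would run. */
struct model_ha {
    struct model_tasklet tl;
    bool freed;
    int stale_accesses;   /* handler runs that touched the structure after release */
};

static void model_handler(void *data)
{
    struct model_ha *ha = data;
    if (ha->freed)
        ha->stale_accesses++;   /* in the kernel this would be the use-after-free */
}

/* Softirq context getting around to a pending tasklet. */
static void model_run_pending(struct model_tasklet *t)
{
    if (!t->scheduled)
        return;
    t->scheduled = false;
    t->func(t->data);
}

/* Like tasklet_kill(): a scheduled tasklet has finished by the time this
 * returns. The model runs it inline instead of waiting for the softirq. */
static void model_tasklet_kill(struct model_tasklet *t) { model_run_pending(t); }

/* One removal with a tasklet still pending; returns the stale access count. */
int simulate_remove(bool kill_first)
{
    static struct model_ha ha;   /* static: memory stays valid, 'freed' is a flag */
    ha = (struct model_ha){ .tl = { true, model_handler, &ha } };
    if (kill_first)
        model_tasklet_kill(&ha.tl);   /* drain deferred work before release */
    ha.freed = true;                  /* point where the remove path frees */
    model_run_pending(&ha.tl);        /* deferred work fires after removal */
    return ha.stale_accesses;
}
```

Without the kill step the pending handler runs once against the released structure; with it, the handler has already completed and nothing is left scheduled when the release happens.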