git.armlinux.org.uk/linux.git - Linus' kernel tree

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2025-10-29 00:29:04 +0800
committer	Martin K. Petersen <martin.petersen@oracle.com>	2025-11-12 20:50:43 -0500
commit	f6ab594672d4cba08540919a4e6be2e202b60007 (patch)
tree	d5dce97ff9cc59fc4e6bf0bccc2ae06301d30b47 /rust/helpers/helpers.c
parent	d204087a59708c6c6a0b2b79e8fc2412fedc948d (diff)

scsi: aic94xx: fix use-after-free in device removal path

The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability. When a device removal is triggered (via hot-unplug or module unload), race condition can occur. The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds. Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 2908d778ab3e ("[SCSI] aic94xx: new driver") Cc: stable@vger.kernel.org Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/ME2PR01MB3156AB7DCACA206C845FC7E8AFFDA@ME2PR01MB3156.ausprd01.prod.outlook.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Diffstat (limited to 'rust/helpers/helpers.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: