---------- Forwarded message ---------
From: Zhu Wei <zhuwei@xxxxxxxxxxxxxx>
Date: Thu, May 8, 2025 at 7:57 AM
Subject: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy
To: <don.brace@xxxxxxxxxxxxx>, <kevin.barnett@xxxxxxxxxxxxx>
Cc: <dinghui@xxxxxxxxxxxxxx>, <zengzhicong@xxxxxxxxxxxxxx>, <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, <martin.petersen@xxxxxxxxxx>, <storagedev@xxxxxxxxxxxxx>, <linux-scsi@xxxxxxxxxxxxxxx>, <linux-kernel@xxxxxxxxxxxxxxx>, <stable@xxxxxxxxxxxxxxx>, Zhu Wei <zhuwei@xxxxxxxxxxxxxx>

There is a race condition between pqi_sdev_destroy and pqi_tmf_worker.
After pqi_free_device is released, pqi_tmf_worker will still use the device.

Don: Thank you for your patch; however, we recently applied a similar patch to our internal repo.
Don: But more checking is done for removed devices.
Don: When this patch has been tested internally, we will post it up for review.
Don: I will add a Reported-By tag with your name.
Don: So Nak.

kasan report:
[ 1933.765810] ==================================================================
[ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6
[ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi]
......
--
2.43.0