mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-22 10:31:08 +00:00
scsi: qedi: Fix use after free bug in qedi_remove()
[ Upstream commit c5749639f2 ]

In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.

In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0                  CPU1

                     |qedi_recovery_handler
qedi_remove          |
  __qedi_remove      |
iscsi_host_free      |
scsi_host_put        |
//free shost         |
                     |iscsi_host_for_each_session
                     |//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

Fixes: 4b1068f5d7 ("scsi: qedi: Add MFW error recovery process")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Link: https://lore.kernel.org/r/20230413033422.28003-1-zyytlz.wz@163.com
Acked-by: Manish Rangankar <mrangankar@marvell.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent e60e5d6722
commit 3738a23083
1 changed files with 3 additions and 0 deletions
|
@ -2450,6 +2450,9 @@ static void __qedi_remove(struct pci_dev *pdev, int mode)
|
|||
qedi_ops->ll2->stop(qedi->cdev);
|
||||
}
|
||||
|
||||
cancel_delayed_work_sync(&qedi->recovery_work);
|
||||
cancel_delayed_work_sync(&qedi->board_disable_work);
|
||||
|
||||
qedi_free_iscsi_pf_param(qedi);
|
||||
|
||||
rval = qedi_ops->common->update_drv_state(qedi->cdev, false);
|
||||
|
|
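Review bot: The two cancel_delayed_work_sync() calls added before qedi_free_iscsi_pf_param(qedi) run unconditionally, although __qedi_remove() takes a mode argument and so presumably has more than one caller. If any of those callers is qedi_recovery_handler() itself, cancel_delayed_work_sync(&qedi->recovery_work) would be waiting for the work item it is executing in and would never return; please confirm the call paths, and if the recovery path does reach here, make the recovery_work cancel conditional on mode. Separately, cancel_delayed_work_sync() only drains what is queued or running at this moment, so it is worth stating in the commit message or a comment what prevents qedi_schedule_recovery_handler() from calling schedule_delayed_work() again after this point and before the host is freed; without that guarantee the window described in the CPU0/CPU1 diagram is narrowed but not closed.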