Re: [PATCH] scsi: aic94xx: fix use-after-free in device removal path

On Wed, 29 Oct 2025 00:29:04 +0800, moonafterrain@outlook.com wrote:

The asd_pci_remove() function fails to synchronize with pending tasklets before freeing the asd_ha structure, leading to a potential use-after-free vulnerability.

When a device removal is triggered (via hot-unplug or module unload), race condition can occur.

The fix adds tasklet_kill() before freeing the asd_ha structure, ensuring all scheduled tasklets complete before cleanup proceeds.

[...]

Applied to 6.19/scsi-queue, thanks!

[1/1] scsi: aic94xx: fix use-after-free in device removal path https://git.kernel.org/mkp/scsi/c/f6ab594672d4