On 3/20/24 04:08, Alexander Wetzel wrote:
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 86210e4dd0d3..80e0d1981191 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -2232,8 +2232,8 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp);
- scsi_device_put(sdp->device); kref_put(&sdp->d_ref, sg_device_destroy);
- scsi_device_put(sdp->device); module_put(THIS_MODULE); }
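Review bot: in sg_remove_sfp_usercontext(), a scsi_device_put(sdp->device) that runs after kref_put(&sdp->d_ref, sg_device_destroy) dereferences sdp after the call that may have dropped the last reference to it and invoked the release function. If the device reference has to be dropped after the kref_put(), copy the pointer into a local first, for example struct scsi_device *device = sdp->device; ahead of the kref_put(), and then call scsi_device_put(device), so that nothing reads sdp once its refcount may have reached zero. A short comment in the function explaining why the order of the two puts matters would also help the next reader.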
Since sg_device_destroy() frees struct sg_device and since the scsi_device_put() call reads from struct sg_device, does this patch introduce a use-after-free? Has it been tested with KASAN enabled?
Thanks,
Bart.