On 2025/5/9 23:19, Don.Brace@microchip.com wrote:
---------- Forwarded message ---------
From: Zhu Wei zhuwei@sangfor.com.cn
Date: Thu, May 8, 2025 at 7:57 AM
Subject: [PATCH] scsi: smartpqi: Fix the race condition between pqi_tmf_worker and pqi_sdev_destroy
To: don.brace@microchip.com, kevin.barnett@microchip.com
Cc: dinghui@sangfor.com.cn, zengzhicong@sangfor.com.cn, James.Bottomley@hansenpartnership.com, martin.petersen@oracle.com, storagedev@microchip.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Zhu Wei zhuwei@sangfor.com.cn
There is a race condition between pqi_sdev_destroy and pqi_tmf_worker. After pqi_free_device is released, pqi_tmf_worker will still use the device.
Don: Thank you for your patch, however we recently applied a similar patch to our internal repo.
Don: But more checking is done for removed devices.
Don: When this patch has been tested internally, we will post it up for review.
Don: I will add a Reported-By tag with your name.
Ok, hope smartpqi gets better.
Don: So Nak.
kasan report:
[ 1933.765810] ==================================================================
[ 1933.771862] scsi 15:0:20:0: Direct-Access ATA WDC WUH722222AL WTS2 PQ: 0 ANSI: 6
[ 1933.779190] BUG: KASAN: use-after-free in pqi_device_wait_for_pending_io+0x9e/0x600 [smartpqi]
......
--
2.43.0