shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 12:00:22 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
23525fc0ea623006eff32bd6df8753b3d24f5d2b
linux/drivers/scsi
History
Junrui Luo e354793a7a scsi: aic94xx: fix use-after-free in device removal path 
commit f6ab594672d4cba08540919a4e6be2e202b60007 upstream.

The asd_pci_remove() function fails to synchronize with pending tasklets
before freeing the asd_ha structure, leading to a potential
use-after-free vulnerability.

When a device removal is triggered (via hot-unplug or module unload),
race condition can occur.

The fix adds tasklet_kill() before freeing the asd_ha structure,
ensuring all scheduled tasklets complete before cleanup proceeds.

Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Reported-by: Junrui Luo <moonafterrain@outlook.com>
Fixes: 2908d778ab ("[SCSI] aic94xx: new driver")
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/ME2PR01MB3156AB7DCACA206C845FC7E8AFFDA@ME2PR01MB3156.ausprd01.prod.outlook.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2026-01-11 15:21:58 +01:00
..
aacraid
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
2025-08-28 16:28:29 +02:00
aic7xxx
scsi: aic7xxx: Fix firmware build fatal error
2023-07-31 11:28:55 -04:00
aic94xx
scsi: aic94xx: fix use-after-free in device removal path
2026-01-11 15:21:58 +01:00
arcmsr
scsi: arcmsr: Support new PCI device IDs 1883 and 1886
2024-02-05 20:14:19 +00:00
arm
scsi: powertec: Declare SCSI host template const
2023-03-24 19:19:21 -04:00
be2iscsi
scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
2023-12-13 18:45:17 +01:00
bfa
scsi: bfa: Double-free fix
2025-08-28 16:28:26 +02:00
bnx2fc
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
2024-05-17 12:02:11 +02:00
bnx2i
scsi: bnx2i: Replace all non-returning strlcpy with strscpy
2023-05-26 13:52:19 -07:00
csiostor
scsi: csiostor: Avoid function pointer casts
2024-03-26 18:20:01 -04:00
cxgbi
Merge tag 'net-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2023-04-26 16:07:23 -07:00
cxlflash
Merge tag 'driver-core-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2023-04-27 11:53:57 -07:00
device_handler
scsi: core: alua: I/O errors for ALUA state transitions
2024-07-25 09:50:39 +02:00
elx
scsi: elx: efct: Fix dma_unmap_sg() nents value
2025-08-15 12:08:54 +02:00
esas2r
Merge tag 'modules-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux
2023-04-27 16:36:55 -07:00
fcoe
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
2024-02-23 09:25:01 +01:00
fnic
scsi: fnic: Return error if vmalloc() failed
2024-01-25 15:35:22 -08:00
hisi_sas
scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk
2025-06-19 15:28:12 +02:00
ibmvscsi
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
2023-11-28 17:19:42 +00:00
ibmvscsi_tgt
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
2025-08-15 12:08:54 +02:00
isci
minmax: make generic MIN() and MAX() macros available everywhere
2025-10-02 13:42:55 +02:00
libfc
scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill()
2025-11-24 10:29:43 +01:00
libsas
scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed
2024-07-25 09:50:53 +02:00
lpfc
scsi: lpfc: Define size of debugfs entry for xri rebalancing
2025-11-24 10:29:40 +01:00
megaraid
scsi: megaraid_sas: Fix invalid node index
2025-07-06 11:00:14 +02:00
mpi3mr
scsi: mpi3mr: Fix controller init failure on fault during queue creation
2025-11-24 10:29:30 +01:00
mpt3sas
scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate
2025-11-24 10:29:43 +01:00
mvsas
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
2025-10-19 16:30:42 +02:00
pcmcia
scsi: Add HAS_IOPORT dependencies
2023-05-31 19:59:26 -04:00
pm8001
scsi: pm8001: Use int instead of u32 to store error codes
2025-11-24 10:29:31 +01:00
qedf
scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
2025-06-19 15:28:08 +02:00
qedi
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
2024-12-09 10:32:19 +01:00
qla2xxx
scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
2026-01-11 15:21:58 +01:00
qla4xxx
scsi: qla4xxx: Prevent a potential error pointer dereference
2025-08-28 16:28:48 +02:00
smartpqi
scsi: smartpqi: Fix device resources accessed after device removal
2026-01-11 15:21:21 +01:00
snic
scsi: snic: Fix double free in snic_tgt_create()
2023-08-24 22:30:32 -04:00
sym53c8xx_2
scsi: sym53c8xx: Replace all non-returning strlcpy() with strscpy()
2023-05-31 18:04:30 -04:00
.gitignore
3w-9xxx.c
scsi: 3w-9xxx: Replace all non-returning strlcpy with strscpy
2023-05-26 13:52:19 -07:00
3w-9xxx.h
scsi: 3w-9xxx: Fix endianness issues in command packets
2021-05-15 18:01:34 -04:00
3w-sas.c
scsi: 3w-sas: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
3w-sas.h
scsi: 3w-sas: Replace 1-element arrays with flexible array members
2023-01-12 00:09:52 -05:00
3w-xxxx.c
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
2023-05-22 17:31:56 -04:00
3w-xxxx.h
scsi: 3w-xxxx: Replace one-element array with flexible-array member
2022-09-25 13:06:00 -04:00
53c700_d.h_shipped
53c700.c
scsi: 53c700: Check that command slot is not NULL
2023-07-31 14:38:17 -04:00
53c700.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
53c700.scr
a100u2w.c
scsi: a100u2w: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
a100u2w.h
a2091.c
scsi: a2091: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
a2091.h
a3000.c
scsi: a3000: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
a3000.h
a4000t.c
advansys.c
scsi: advansys: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
aha152x.c
scsi: aha152x: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
aha152x.h
aha1542.c
scsi: aha1542: Declare SCSI host template const
2023-03-24 19:19:21 -04:00
aha1542.h
aha1740.c
scsi: aha1740: Declare SCSI host template const
2023-03-24 19:19:21 -04:00
aha1740.h
am53c974.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
atari_scsi.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
atp870u.c
scsi: atp870u: Declare SCSI host template const
2023-03-24 19:19:21 -04:00
atp870u.h
BusLogic.c
scsi: BusLogic: Declare SCSI host template const
2023-03-24 19:19:20 -04:00
BusLogic.h
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
2021-05-14 22:19:04 -04:00
bvme6000_scsi.c
ch.c
scsi: replace the fmode_t argument to scsi_ioctl with a simple bool
2023-06-12 08:04:04 -06:00
constants.c
scsi: core: Introduce enums for the SAM and host status codes
2021-06-02 23:09:39 -04:00
dc395x.c
scsi: dc395x: Declare SCSI host template const
2023-03-24 19:19:21 -04:00
dc395x.h
dmx3191d.c
scsi: dmx3191d: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
esp_scsi.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
esp_scsi.h
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
fdomain_isa.c
fdomain_pci.c
fdomain.c
scsi: fdomain: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
fdomain.h
FlashPoint.c
scsi: FlashPoint: Remove redundant variable bm_int_st
2022-08-01 19:52:03 -04:00
g_NCR5380.c
scsi: NCR5380: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
gvp11.c
scsi: gvp11: Remove unused gvp11_setup() function
2023-08-21 16:37:11 -04:00
gvp11.h
hosts.c
scsi: core: Fix a regression triggered by scsi_host_busy()
2025-12-01 11:41:49 +01:00
hpsa_cmd.h
scsi: hpsa: Add an assert to prevent __packed reintroduction
2021-04-01 22:52:40 -04:00
hpsa.c
scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()
2025-10-19 16:30:52 +02:00
hpsa.h
hptiop.c
overflow: Add struct_size_t() helper
2023-05-26 13:52:19 -07:00
hptiop.h
scsi: hptiop: Replace one-element array with flexible-array member in struct hpt_iop_request_ioctl_command()
2022-09-25 13:04:17 -04:00
imm.c
scsi: imm: Declare SCSI host template const
2023-03-24 19:19:56 -04:00
imm.h
scsi: imm: Move the SCSI pointer to private command data
2022-02-22 21:11:04 -05:00
initio.c
scsi: initio: Declare SCSI host template const
2023-03-24 19:19:56 -04:00
initio.h
scsi: initio: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
ipr.c
scsi: ipr: Remove several unused variables
2023-04-24 23:11:47 -04:00
ipr.h
scsi: ipr: Remove SATA support
2023-04-18 23:01:23 -04:00
ips.c
scsi: ips: Replace kmap_atomic() with kmap_local_page()
2023-01-18 18:41:12 -05:00
ips.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
iscsi_boot_sysfs.c
iscsi_tcp.c
scsi: iscsi_tcp: restrict to TCP sockets
2023-09-17 17:46:13 +01:00
iscsi_tcp.h
scsi: iscsi_tcp: Use sendmsg(MSG_SPLICE_PAGES) rather than sendpage
2023-06-24 15:50:13 -07:00
jazz_esp.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
Kconfig
scsi: jazz_esp: Only build if SCSI core is builtin
2024-03-01 13:35:06 +01:00
lasi700.c
parisc: Make struct parisc_driver::remove() return void
2021-08-30 10:18:25 +02:00
libiscsi_tcp.c
scsi: iscsi: Remove iscsi_get_task back_lock requirement
2022-06-21 21:19:23 -04:00
libiscsi.c
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
2025-08-28 16:28:25 +02:00
mac53c94.c
scsi: mac53c94: Declare SCSI host template const
2023-03-24 19:19:57 -04:00
mac53c94.h
scsi: mac53c94: Stop using struct scsi_pointer
2022-02-27 21:35:30 -05:00
mac_esp.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
mac_scsi.c
scsi: mac_scsi: Disallow bus errors during PDMA send
2024-10-04 16:29:49 +02:00
Makefile
scsi: dpt_i2o: Remove obsolete driver
2022-06-27 22:56:21 -04:00
megaraid.c
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
2023-03-24 20:27:17 -04:00
megaraid.h
scsi: megaraid: Stop using the SCSI pointer
2022-02-22 21:11:05 -05:00
mesh.c
scsi: mesh: Declare SCSI host template const
2023-03-24 19:19:57 -04:00
mesh.h
scsi: mesh: Stop using struct scsi_pointer
2022-02-27 21:34:02 -05:00
mvme16x_scsi.c
mvme147.c
scsi: mvme147: Declare SCSI host template const
2023-03-24 19:19:57 -04:00
mvme147.h
mvumi.c
scsi: core: Improve type safety of scsi_rescan_device()
2023-08-24 22:11:29 -04:00
mvumi.h
scsi: mvumi: Replace 1-element arrays with flexible array members
2023-01-12 00:11:11 -05:00
myrb.c
scsi: mylex: Fix sysfs buffer lengths
2024-04-10 16:36:00 +02:00
myrb.h
myrs.c
scsi: myrs: Fix dma_alloc_coherent() error check
2025-10-15 11:57:56 +02:00
myrs.h
ncr53c8xx.c
scsi: ncr53c8xx: Replace strlcpy() with strscpy()
2023-06-21 21:13:00 -04:00
ncr53c8xx.h
scsi: zalon: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
NCR5380.c
scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers
2024-10-10 11:57:37 +02:00
NCR5380.h
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: nsp32: Declare SCSI host template const
2023-03-24 19:19:58 -04:00
nsp32.h
scsi: nsp32: Stop using the SCSI pointer
2022-02-22 21:11:06 -05:00
pmcraid.c
scsi: pmcraid: Use pci_dev_id() to simplify the code
2023-08-21 17:13:56 -04:00
pmcraid.h
scsi: pmcraid: Remove the PMCRAID_PASSTHROUGH_IOCTL ioctl implementation
2022-03-29 23:32:26 -04:00
ppa.c
scsi: ppa: Fix accidentally reversed conditions for 16-bit and 32-bit EPP
2023-09-05 05:26:49 -04:00
ppa.h
scsi: ppa: Add a module parameter for the transfer mode
2023-08-21 16:32:40 -04:00
ps3rom.c
scsi: ps3rom: Declare SCSI host template const
2023-03-24 19:19:58 -04:00
qla1280.c
scsi: qla1280: Fix kernel oops when debug level > 2
2025-03-22 12:50:40 -07:00
qla1280.h
scsi: qla1280: Fix hw revision numbering for ISP1020/1040
2025-01-02 10:32:04 +01:00
qlogicfas408.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
qlogicfas408.h
qlogicfas.c
scsi: Remove drivers/scsi/scsi.h
2022-02-22 21:11:02 -05:00
qlogicpti.c
scsi: qlogicpti: Mark qlogicpti_info() static
2023-08-21 16:37:11 -04:00
qlogicpti.h
raid_class.c
scsi: core: raid_class: Remove raid_component_add()
2023-08-24 21:34:28 -04:00
script_asm.pl
scsi_bsg.c
scsi: replace the fmode_t argument to ->sg_io_fn with a simple bool
2023-06-12 08:04:04 -06:00
scsi_common.c
scsi: core: Use min() instead of open-coding it
2023-05-31 11:05:34 -04:00
scsi_debug.c
scsi: scsi_debug: Fix hrtimer support for ndelay
2024-12-14 19:59:49 +01:00
scsi_debugfs.c
scsi: core: Report error list information in debugfs
2023-08-24 22:13:03 -04:00
scsi_debugfs.h
scsi_devinfo.c
scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
2023-03-16 22:54:43 -04:00
scsi_dh.c
scsi: scsi_dh: Fix a typo
2021-03-24 23:03:43 -04:00
scsi_error.c
scsi: core: Move scsi_host_busy() out of host lock if it is for per-command
2024-02-16 19:10:53 +01:00
scsi_ioctl.c
scsi: replace the fmode_t argument to scsi_ioctl with a simple bool
2023-06-12 08:04:04 -06:00
scsi_lib_dma.c
scsi_lib.c
scsi: core: Clear flags for scsi_cmnd that did not complete
2025-05-02 07:50:43 +02:00
scsi_logging.c
scsi: core: scsi_logging: Fix a BUG
2022-03-29 23:29:19 -04:00
scsi_logging.h
scsi_netlink.c
scsi_pm.c
scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()
2021-12-22 23:38:29 -05:00
scsi_priv.h
scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
2024-02-05 20:14:34 +00:00
scsi_proc.c
scsi: core: Fix legacy /proc parsing buffer overflow
2023-07-31 15:39:39 -04:00
scsi_sas_internal.h
scsi_scan.c
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
2025-08-28 16:28:29 +02:00
scsi_sysctl.c
scsi: simplify sysctl registration with register_sysctl()
2023-04-13 11:49:20 -07:00
scsi_sysfs.c
scsi: core: sysfs: Correct sysfs attributes access rights
2025-09-04 15:30:19 +02:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c
scsi: scsi_transport_fc: Allow setting rport state to current state
2024-11-08 16:28:21 +01:00
scsi_transport_iscsi.c
scsi: Revert "scsi: iscsi: Fix HW conn removal use after free"
2025-08-15 12:09:00 +02:00
scsi_transport_sas.c
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
2025-08-28 16:28:29 +02:00
scsi_transport_spi.c
scsi: spi: Fix sshdr use
2024-08-29 17:33:28 +02:00
scsi_transport_srp.c
scsi: core: Replace scsi_target_block() with scsi_block_targets()
2023-06-16 12:19:59 -04:00
scsi.c
scsi: Improve CDL control
2025-05-02 07:50:48 +02:00
scsicam.c
scsicam: Fix use of page cache
2022-05-08 14:28:18 -04:00
sd_dif.c
scsi: sd: Update DIX config every time sd_revalidate_disk() is called
2023-02-21 22:00:32 -05:00
sd_trace.h
scsi: sd: sd_zbc: Trace zone append emulation
2022-12-01 03:13:55 +00:00
sd_zbc.c
scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer
2025-05-22 14:12:22 +02:00
sd.c
scsi: sd: Make sd shutdown issue START STOP UNIT appropriately
2025-08-15 12:09:00 +02:00
sd.h
scsi: sd: Do not issue commands to suspended disks on shutdown
2023-09-28 21:23:18 +09:00
sense_codes.h
ses.c
Merge tag 'driver-core-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2023-04-27 11:53:57 -07:00
sg.c
scsi: sg: Do not sleep in atomic context
2025-12-01 11:41:42 +01:00
sgiwd93.c
scsi: sgiwd93: Declare SCSI host template const
2023-03-24 19:19:59 -04:00
sim710.c
scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls
2026-01-11 15:21:23 +01:00
sni_53c710.c
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
sr_ioctl.c
minmax: scsi: fix mis-use of 'clamp()' in sr.c
2024-08-03 08:54:33 +02:00
sr_vendor.c
scsi: sr: Don't use GFP_DMA
2021-12-22 23:41:13 -05:00
sr.c
Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
2023-06-30 11:57:07 -07:00
sr.h
scsi: sr: Fix unintentional arithmetic wraparound
2024-07-25 09:50:40 +02:00
st_options.h
st.c
scsi: st: Restore some drive settings after reset
2025-06-04 14:42:13 +02:00
st.h
scsi: st: Restore some drive settings after reset
2025-06-04 14:42:13 +02:00
stex.c
scsi: stex: Fix reboot_notifier leak in probe error path
2026-01-11 15:21:21 +01:00
storvsc_drv.c
scsi: storvsc: Increase the timeouts to storvsc_timeout
2025-06-27 11:08:59 +01:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: NCR5380: Add SCp members to struct NCR5380_cmd
2022-02-22 21:11:03 -05:00
sun3x_esp.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00
sun_esp.c
scsi: sun_esp: Explicitly include correct DT includes
2023-07-23 15:49:41 -04:00
virtio_scsi.c
scsi: core: Improve type safety of scsi_rescan_device()
2023-08-24 22:11:29 -04:00
vmw_pvscsi.c
scsi: vmw_pvscsi: No need to clear memory after a dma_alloc_coherent() call
2022-04-06 23:01:54 -04:00
vmw_pvscsi.h
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
2022-06-07 21:30:56 -04:00
wd33c93.c
scsi: wd33c93: Don't use stale scsi_pointer value
2024-10-17 15:24:34 +02:00
wd33c93.h
scsi: wd33c93: Remove dead code related to the long-gone config WD33C93_PIO
2022-09-25 13:29:53 -04:00
wd719x.c
scsi: wd719x: Declare SCSI host template const
2023-03-24 19:19:59 -04:00
wd719x.h
scsi: wd719x: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
xen-scsifront.c
scsi: xen-scsifront: shost_priv() can never return NULL
2023-08-24 22:06:44 -04:00
zalon.c
scsi: zalon: Stop using the SCSI pointer
2022-02-22 21:11:07 -05:00
zorro7xx.c
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
2022-03-30 00:05:42 -04:00
zorro_esp.c
scsi: esp_scsi: Declare SCSI host template const
2023-03-24 19:19:22 -04:00