Commit 1e95c798 authored Dec 18, 2024 by Guixin Liu Committed by Martin K. Petersen Jan 10, 2025

scsi: ufs: bsg: Set bsg_queue to NULL after removal



Currently, this does not cause any issues, but I believe it is necessary to
set bsg_queue to NULL after removing it to prevent potential use-after-free
(UAF) access.

Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241218014214.64533-3-kanie@linux.alibaba.com


Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

parent fcf247de

drivers/ufs/core/ufs_bsg.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -216,6 +216,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
		return;

		bsg_remove_queue(hba->bsg_queue);
		hba->bsg_queue = NULL;

		device_del(bsg_dev);
		put_device(bsg_dev);