git.ipfire.org Git - thirdparty/kernel/stable.git/commit

scsi: smartpqi: Fix device resources accessed after device removal

[ Upstream commit b518e86d1a70a88f6592a7c396cf1b93493d1aab ]

Correct possible race conditions during device removal.

Previously, a scheduled work item to reset a LUN could still execute
after the device was removed, leading to use-after-free and other
resource access issues.

This race condition occurs because the abort handler may schedule a LUN
reset concurrently with device removal via sdev_destroy(), leading to
use-after-free and improper access to freed resources.

  - Check in the device reset handler if the device is still present in
    the controller's SCSI device list before running; if not, the reset
    is skipped.

  - Cancel any pending TMF work that has not started in sdev_destroy().

  - Ensure device freeing in sdev_destroy() is done while holding the
    LUN reset mutex to avoid races with ongoing resets.

Fixes: 2d80f4054f7f ("scsi: smartpqi: Update deleting a LUN via sysfs")
Reviewed-by: Scott Teel <scott.teel@microchip.com>
Reviewed-by: Scott Benesh <scott.benesh@microchip.com>
Signed-off-by: Mike McGowen <mike.mcgowen@microchip.com>
Signed-off-by: Don Brace <don.brace@microchip.com>
Link: https://patch.msgid.link/20251106163823.786828-3-don.brace@microchip.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

author	Mike McGowen <mike.mcgowen@microchip.com>
	Thu, 6 Nov 2025 16:38:20 +0000 (10:38 -0600)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 18 Dec 2025 13:02:53 +0000 (14:02 +0100)
commit	1a5c5a2f88e839af5320216a02ffb075b668596a
tree	0d0166e75e6f7056518cec1a0f5b27cbd04ac0ea	tree \| snapshot
parent	f7c6c26a99779e4657ea83361b4042435de96d39	commit \| diff