scsi: ufs: bsg: Set bsg_queue to NULL after removal

commit 1e95c798d8a7f70965f0f88d4657b682ff0ec75f upstream.

Currently, this does not cause any issues, but I believe it is necessary to
set bsg_queue to NULL after removing it to prevent potential use-after-free
(UAF) access.

Signed-off-by: Guixin Liu <kanie@linux.alibaba.com>
Link: https://lore.kernel.org/r/20241218014214.64533-3-kanie@linux.alibaba.com
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/scsi/ufs/ufs_bsg.c b/drivers/scsi/ufs/ufs_bsg.c
index 16e8ddcf22fe4ab5d9d9a49e5783dda936c114e1..b8bbfd81b8ae0173e0353cd918e290cee9e8737d 100644 (file)
--- a/drivers/scsi/ufs/ufs_bsg.c
+++ b/drivers/scsi/ufs/ufs_bsg.c
@@ -175,6 +175,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
                return;
 
        bsg_remove_queue(hba->bsg_queue);
+       hba->bsg_queue = NULL;
 
        device_del(bsg_dev);
        put_device(bsg_dev);