Linux kernel source tree

Duoming Zhou ab58153ec6 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
The delayed work item 'imm_tq' is initialized in imm_attach() and
scheduled via imm_queuecommand() for processing SCSI commands.  When the
IMM parallel port SCSI host adapter is detached through imm_detach(),
the imm_struct device instance is deallocated.

However, the delayed work might still be pending or executing
when imm_detach() is called, leading to use-after-free bugs
when the work function imm_interrupt() accesses the already
freed imm_struct memory.

The race condition can occur as follows:

CPU 0(detach thread)   | CPU 1
                       | imm_queuecommand()
                       |   imm_queuecommand_lck()
imm_detach()           |     schedule_delayed_work()
  kfree(dev) //FREE    | imm_interrupt()
                       |   dev = container_of(...) //USE
                           dev-> //USE

Add disable_delayed_work_sync() in imm_detach() to guarantee proper
cancellation of the delayed work item before imm_struct is deallocated.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Link: https://patch.msgid.link/20251028100149.40721-1-duoming@zju.edu.cn
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2025-11-29 15:42:17 -05:00
Documentation Merge patch series "Add OP-TEE based RPMB driver for UFS devices" 2025-11-20 10:26:13 -05:00
LICENSES LICENSES: Replace the obsolete address of the FSF in the GFDL-1.2 2025-07-24 11:15:39 +02:00
arch - Reset the why-the-system-rebooted register on AMD to avoid stale bits 2025-10-19 04:41:27 -10:00
block block-6.18-20251016 2025-10-17 08:31:26 -07:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto This push contains the following changes: 2025-10-10 08:56:16 -07:00
drivers scsi: imm: Fix use-after-free bug caused by unfinished delayed work 2025-11-29 15:42:17 -05:00
fs Description for this pull request: 2025-10-18 07:23:59 -10:00
include Merge patch series "Add OP-TEE based RPMB driver for UFS devices" 2025-11-20 10:26:13 -05:00
init printk changes for 6.18 2025-10-04 11:13:11 -07:00
io_uring io_uring/rw: check for NULL io_br_sel when putting a buffer 2025-10-15 13:38:53 -06:00
ipc namespace-6.18-rc1 2025-09-29 11:20:29 -07:00
kernel - Make sure the check for lost pelt idle time is done unconditionally to 2025-10-19 04:59:43 -10:00
lib lib/test_kho: use kho_preserve_vmalloc instead of storing addresses in fdt 2025-10-07 13:48:56 -07:00
mm slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL 2025-10-16 15:16:45 +02:00
net bpf-fixes 2025-10-18 08:00:43 -10:00
rust rust: bitmap: fix formatting 2025-10-17 13:02:22 +02:00
samples Char/Misc/IIO/Binder changes for 6.18-rc1 2025-10-04 16:26:32 -07:00
scripts Kbuild fixes for 6.18 #1 2025-10-11 15:47:12 -07:00
security integrity-v6.18 2025-10-05 10:48:33 -07:00
sound ALSA: hda/realtek: Fix mute led for HP Omen 17-cb0xxx 2025-10-17 16:37:21 +02:00
tools hid-for-linus-2025101701 2025-10-18 08:18:18 -10:00
usr gen_init_cpio: Ignore fsync() returning EINVAL on pipes 2025-10-07 09:53:05 -07:00
virt KVM x86 fixes for 6.18: 2025-10-18 10:25:43 +02:00
.clang-format memblock: drop for_each_free_mem_pfn_range_in_zone_from() 2025-09-14 08:49:03 +03:00
.clippy.toml rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration 2025-05-07 00:11:47 +02:00
.cocciconfig
.editorconfig
.get_maintainer.ignore MAINTAINERS: remove Alyssa Rosenzweig 2025-09-18 21:17:31 +02:00
.gitattributes
.gitignore .gitignore: ignore compile_commands.json globally 2025-08-12 15:53:55 -07:00
.mailmap Including fixes from CAN 2025-10-16 09:41:21 -07:00
.pylintrc tools: docs: parse-headers.py: move it from sphinx dir 2025-08-29 15:54:42 -06:00
.rustfmt.toml
COPYING
CREDITS USB/Thunderbolt changes for 6.18-rc1 2025-10-04 16:07:08 -07:00
Kbuild sched: Make migrate_{en,dis}able() inline 2025-09-25 09:57:16 +02:00
Kconfig io_uring: Rename KConfig to Kconfig 2025-02-19 14:53:27 -07:00
MAINTAINERS Merge patch series "Add OP-TEE based RPMB driver for UFS devices" 2025-11-20 10:26:13 -05:00
Makefile Linux 6.18-rc2 2025-10-19 15:19:16 -10:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.