scsi: ufs: bsg: Set bsg_queue to NULL after removal

[ Upstream commit 1e95c798d8a7f70965f0f88d4657b682ff0ec75f ] Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. Signed-off-by: Guixin Liu <kanie@linux.alibaba.com> Link: https://lore.kernel.org/r/20241218014214.64533-3-kanie@linux.alibaba.com Reviewed-by: Avri Altman <avri.altman@wdc.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Guixin Liu <kanie@linux.alibaba.com> 2024-12-18 09:42:14 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-02-21 14:01:25 +0100
commit: 88a01e9c9ad40c075756ba93b47984461d4ff15d (patch)
tree: 2cb225411b167dc04363dd36088fba1cc67f36a1
parent: 551df35e4f4c96b13b3b2f6688b3b46ea4819392 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/ufs/core/ufs_bsg.c b/drivers/ufs/core/ufs_bsg.c
index 58023f735c19..8d4ad0a3f2cf 100644
--- a/drivers/ufs/core/ufs_bsg.c
+++ b/drivers/ufs/core/ufs_bsg.c
@@ -216,6 +216,7 @@ void ufs_bsg_remove(struct ufs_hba *hba)
 		return;
 
 	bsg_remove_queue(hba->bsg_queue);
+	hba->bsg_queue = NULL;
 
 	device_del(bsg_dev);
 	put_device(bsg_dev);
author	Guixin Liu <kanie@linux.alibaba.com>	2024-12-18 09:42:14 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-02-21 14:01:25 +0100
commit	88a01e9c9ad40c075756ba93b47984461d4ff15d (patch)
tree	2cb225411b167dc04363dd36088fba1cc67f36a1
parent	551df35e4f4c96b13b3b2f6688b3b46ea4819392 (diff)