Public bug reported:

[Impact]
When the lldd is processing the complete sas task in interrupt and sets the
task state as SAS_TASK_STATE_DONE, the smp timeout timer is able to be
triggered at the same time. And smp_task_timedout() will complete the task
whether the SAS_TASK_STATE_DONE is set or not. Then the sas task may be freed
before the lldd ends the interrupt process. Thus a use-after-free will happen.

[Test Case]
This is hard to reproduce, so regression test only.

[Fix]
b90cd6f2b9 scsi: libsas: fix a race condition when smp task timeout

[Regression Risk]
Only 2 lines moved in libsas, and the maintainer has reviewed/approved. I will
say it's low.

** Affects: linux (Ubuntu)
     Importance: Undecided
     Assignee: Ike Panhc (ikepanhc)
         Status: New

https://bugs.launchpad.net/bugs/1808912

Title:
  scsi: libsas: fix a race condition when smp task timeout

Status in linux package in Ubuntu:
  New


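A single-threaded user-space model of the interleaving described in the report, added here as an illustration; it is not the libsas code or the referenced commit. The struct, the helper function names and the guarded variant are assumptions, and only the two flag names come from the report.

```c
#include <stdbool.h>
#include <stdio.h>

/* Flag names follow the report; the bit values here are illustrative. */
#define SAS_TASK_STATE_DONE    (1u << 1)
#define SAS_TASK_STATE_ABORTED (1u << 2)

struct model_task {
    unsigned flags;   /* task state flags */
    bool completed;   /* waiter woken: it may now free the task */
};
typedef void (*timeout_fn)(struct model_task *);

/* Behaviour described in the report: complete whether or not DONE is set. */
static void timedout_unconditional(struct model_task *t) {
    if (!(t->flags & SAS_TASK_STATE_DONE))
        t->flags |= SAS_TASK_STATE_ABORTED;
    t->completed = true;
}

/* Guarded variant (assumed shape): once DONE is set, completion is the lldd's job. */
static void timedout_checked(struct model_task *t) {
    if (!(t->flags & SAS_TASK_STATE_DONE)) {
        t->flags |= SAS_TASK_STATE_ABORTED;
        t->completed = true;
    }
}

/* Replay the racy order. True means the waiter was released, and could
 * free the task, while the lldd was still inside its interrupt handler. */
static bool freed_under_lldd(timeout_fn on_timeout) {
    struct model_task t = {0};
    t.flags |= SAS_TASK_STATE_DONE;  /* lldd marks DONE, keeps using the task */
    on_timeout(&t);                  /* timer fires before the lldd returns */
    return t.completed;
}

/* Ordinary timeout, no lldd completion: the waiter must still be woken. */
static bool timeout_wakes_waiter(timeout_fn on_timeout) {
    struct model_task t = {0};
    on_timeout(&t);
    return t.completed && (t.flags & SAS_TASK_STATE_ABORTED);
}

int main(void) {
    printf("freed under lldd: unconditional=%d checked=%d\n",
           freed_under_lldd(timedout_unconditional), freed_under_lldd(timedout_checked));
    printf("plain timeout still wakes waiter (checked): %d\n", timeout_wakes_waiter(timedout_checked));
    return 0;
}
```

The model replays one fixed ordering without threads; in concurrent code the flag test and the completion must also be atomic with respect to the lldd's update of the flags.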