Commit d804621d authored Oct 21, 2015 by Matthew R. Ochs Committed by James Bottomley Oct 30, 2015

cxlflash: Fix to prevent workq from accessing freed memory



The workq can process work in parallel with a remove event, leading
to a condition where the workq handler can access freed memory.

To remedy, the workq should be terminated prior to freeing memory. Move
the termination call earlier in remove and use cancel_work_sync() instead
of flush_work() as there is not a need to process any scheduled work when
shutting down.

Signed-off-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Manoj N. Kumar <manoj@linux.vnet.ibm.com>
Reviewed-by: Brian King <brking@linux.vnet.ibm.com>
Reviewed-by: Tomas Henzl <thenzl@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>

parent 8b5b1e87

drivers/scsi/cxlflash/main.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -736,11 +736,11 @@ static void cxlflash_remove(struct pci_dev *pdev)
		/* Fall through */
		case INIT_STATE_AFU:
		term_afu(cfg);
		cancel_work_sync(&cfg->work_q);
		case INIT_STATE_PCI:
		pci_release_regions(cfg->dev);
		pci_disable_device(pdev);
		case INIT_STATE_NONE:
		flush_work(&cfg->work_q);
		free_mem(cfg);
		scsi_host_put(cfg->host);
		break;