** Changed in: linux (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Cosmic)
       Status: In Progress => Fix Committed

https://bugs.launchpad.net/bugs/1808912

Title:
  scsi: libsas: fix a race condition when smp task timeout

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Committed
Status in linux source package in Disco:
  Fix Committed

Bug description:
  [Impact]
  When the lldd is processing the complete sas task in interrupt and sets the
  task stat as SAS_TASK_STATE_DONE, the smp timeout timer is able to be
  triggered at the same time. And smp_task_timedout() will complete the task
  whether the SAS_TASK_STATE_DONE is set or not. Then the sas task may be freed
  before the lldd ends the interrupt process. Thus a use-after-free will happen.

  [Test Case]
  This is hard to reproduce, so regression test only.

  [Fix]
  b90cd6f2b9 scsi: libsas: fix a race condition when smp task timeout

  [Regression Risk]
  Only 2 lines moved in libsas and the maintainer has reviewed/approved. I will
  say it's low.
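
The interleaving described under [Impact], replayed in a userspace model. This is an added example, not the libsas code or the patch itself: `model_task`, both handler names, the flag values and the pthread mutex standing in for the task state lock are hypothetical, and the guarded handler assumes the fix makes completion conditional on SAS_TASK_STATE_DONE being clear.

```c
#include <pthread.h>
#include <stdio.h>

/* Flag names come from the bug description; the values are constructed. */
#define SAS_TASK_STATE_DONE    0x1u
#define SAS_TASK_STATE_ABORTED 0x2u

/* Hypothetical userspace stand-in for a sas task. */
struct model_task {
    pthread_mutex_t lock;     /* models the task state lock */
    unsigned int state_flags;
    int completions;          /* > 0: the waiter is released and may free the task */
};

/* Behaviour described under [Impact]: completes whether or not DONE is set. */
void timedout_unguarded(struct model_task *t)
{
    pthread_mutex_lock(&t->lock);
    if (!(t->state_flags & SAS_TASK_STATE_DONE))
        t->state_flags |= SAS_TASK_STATE_ABORTED;
    pthread_mutex_unlock(&t->lock);
    t->completions++;         /* waiter wakes even though the LLDD still uses the task */
}

/* Assumed shape of the fix: complete only if the LLDD has not marked DONE. */
void timedout_guarded(struct model_task *t)
{
    pthread_mutex_lock(&t->lock);
    if (!(t->state_flags & SAS_TASK_STATE_DONE)) {
        t->state_flags |= SAS_TASK_STATE_ABORTED;
        t->completions++;     /* decided under the same lock as the flag test */
    }
    pthread_mutex_unlock(&t->lock);
}

/* Timer fires after the LLDD set initial_flags; returns how often the waiter was released. */
int completions_after_timeout(void (*timedout)(struct model_task *), unsigned int initial_flags)
{
    struct model_task t = { PTHREAD_MUTEX_INITIALIZER, initial_flags, 0 };
    timedout(&t);
    return t.completions;
}

int main(void)
{
    printf("DONE set, unguarded: %d\n", completions_after_timeout(timedout_unguarded, SAS_TASK_STATE_DONE));
    printf("DONE set, guarded:   %d\n", completions_after_timeout(timedout_guarded, SAS_TASK_STATE_DONE));
    return 0;
}
```

A release count of 1 with DONE already set is the window in which the waiter can free the task while the LLDD is still in its interrupt path; the guarded handler still completes a task that genuinely timed out.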
