[PATCH AUTOSEL 4.14 11/16] scsi: st: Fix a use after free in st_open()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Lv Yunlong" <lyl2019@mail.ustc.edu.cn>,
	"Kai Mäkisara" <kai.makisara@kolumbus.fi>,
	"Martin K . Petersen" <martin.petersen@oracle.com>,
	"Sasha Levin" <sashal@kernel.org>,
	linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 11/16] scsi: st: Fix a use after free in st_open()
Date: Thu, 25 Mar 2021 07:27:46 -0400	[thread overview]
Message-ID: <20210325112751.1928421-11-sashal@kernel.org> (raw)
In-Reply-To: <20210325112751.1928421-1-sashal@kernel.org>

From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>

[ Upstream commit c8c165dea4c8f5ad67b1240861e4f6c5395fa4ac ]

In st_open(), if STp->in_use is true, STp will be freed by
scsi_tape_put(). However, STp is still used by DEBC_printk() after. It is
better to DEBC_printk() before scsi_tape_put().

Link: https://lore.kernel.org/r/20210311064636.10522-1-lyl2019@mail.ustc.edu.cn
Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/st.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/st.c b/drivers/scsi/st.c
index 94e402ed30f6..6497a6f12a6f 100644
--- a/drivers/scsi/st.c
+++ b/drivers/scsi/st.c
@@ -1268,8 +1268,8 @@ static int st_open(struct inode *inode, struct file *filp)
 	spin_lock(&st_use_lock);
 	if (STp->in_use) {
 		spin_unlock(&st_use_lock);
-		scsi_tape_put(STp);
 		DEBC_printk(STp, "Device already in use.\n");
+		scsi_tape_put(STp);
 		return (-EBUSY);
 	}
 
-- 
2.30.1

next prev parent reply	other threads:[~2021-03-25 11:33 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-25 11:27 [PATCH AUTOSEL 4.14 01/16] ext4: fix bh ref count on error paths Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 02/16] rpc: fix NULL dereference on kmalloc failure Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 03/16] ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 04/16] ASoC: rt5651: " Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 05/16] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 06/16] ASoC: es8316: Simplify adc_pga_gain_tlv table Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 07/16] ASoC: cs42l42: Fix mixer volume control Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 08/16] ASoC: cs42l42: Always wait at least 3ms after reset Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 09/16] powerpc: Force inlining of cpu_has_feature() to avoid build failure Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 10/16] vhost: Fix vhost_vq_reset() Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` Sasha Levin [this message]
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 12/16] scsi: qla2xxx: Fix broken #endif placement Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 13/16] staging: comedi: cb_pcidas: fix request_irq() warn Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 14/16] staging: comedi: cb_pcidas64: " Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 15/16] ASoC: rt5659: Update MCLK rate in set_sysclk() Sasha Levin
2021-03-25 11:27   ` Sasha Levin
2021-03-25 11:27 ` [PATCH AUTOSEL 4.14 16/16] ext4: do not iput inode under running transaction in ext4_rename() Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:94e402ed30f dfblob:6497a6f12a6 )
 OR (
bs:"[PATCH AUTOSEL 4.14 11/16] scsi: st: Fix a use after free in st_open()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210325112751.1928421-11-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=kai.makisara@kolumbus.fi \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=lyl2019@mail.ustc.edu.cn \
    --cc=martin.petersen@oracle.com \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.